Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,405
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,641
Pub
13
RubyGems
1,026
Rust
1,209
Swift
53
Unreviewed advisories
All unreviewed
5,000+

262 advisories

Loading
openssl-encrypt's readiness endpoint leaks database error details to unauthenticated callers Moderate
GHSA-2vhw-q7vh-7xv2 was published for openssl-encrypt (pip) Apr 1, 2026
A vulnerability in the web interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could... High Unreviewed
CVE-2026-20151 was published Apr 1, 2026
Exposure of sensitive information in the users MFA feature in Devolutions Server allows users... Moderate Unreviewed
CVE-2026-4927 was published Apr 1, 2026
Happy DOM's fetch credentials include uses page-origin cookies instead of target-origin cookies High
CVE-2026-34226 was published for happy-dom (npm) Mar 29, 2026
r74tech Credited to r74tech
Insertion of Sensitive Information Into Sent Data vulnerability in Noor Alam SMTP Mailer smtp... High Unreviewed
CVE-2026-32538 was published Mar 25, 2026
Insertion of Sensitive Information Into Sent Data vulnerability in Syed Balkhi Contact Form by... Moderate Unreviewed
CVE-2026-25339 was published Mar 25, 2026
lz4_flex's decompression can leak information from uninitialized memory or reused output buffer High
CVE-2026-32829 was published for lz4_flex (Rust) Mar 16, 2026
Marcono1234 Credited to Marcono1234
Mattermost fails to preserve the redacted state of burn-on-read posts during deletion Moderate
CVE-2026-2578 was published for github.com/mattermost/mattermost-server (Go) Mar 16, 2026
Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 have two separate... High Unreviewed
CVE-2025-11500 was published Mar 16, 2026
Insertion of Sensitive Information Into Sent Data vulnerability in magepeopleteam WpEvently mage... Moderate Unreviewed
CVE-2026-32354 was published Mar 13, 2026
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0... Moderate Unreviewed
CVE-2025-14483 was published Mar 13, 2026
Insertion of Sensitive Information Into Sent Data vulnerability in Premio Chaty chaty allows... High Unreviewed
CVE-2026-27370 was published Mar 5, 2026
Insertion of Sensitive Information Into Sent Data vulnerability in Joe Dolson My Tickets my... High Unreviewed
CVE-2026-27406 was published Mar 5, 2026
Insertion of Sensitive Information Into Sent Data vulnerability in RadiusTheme Classified Listing... Moderate Unreviewed
CVE-2026-23546 was published Mar 5, 2026
Insertion of Sensitive Information Into Sent Data vulnerability in Roland Murg WP Booking System... Moderate Unreviewed
CVE-2025-68515 was published Mar 5, 2026
Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users High
CVE-2026-27465 was published for github.com/fleetdm/fleet/v4 (Go) Feb 26, 2026
prateek-0490 Credited to prateek-0490
HTTP headers are added by the default configuration of IIS and ASP.net, and are not removed at... Low Unreviewed
CVE-2026-1694 was published Feb 26, 2026
Insertion of Sensitive Information Into Sent Data vulnerability in WPVibes Elementor Addon... Moderate Unreviewed
CVE-2026-28131 was published Feb 26, 2026
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior expose user... High Unreviewed
CVE-2026-27516 was published Feb 24, 2026
Apache Airflow exposes sensitive information in its log files Moderate
CVE-2025-27555 was published for apache-airflow (pip) Feb 24, 2026
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a sensitive information... High Unreviewed
CVE-2026-27514 was published Feb 23, 2026
Insertion of Sensitive Information Into Sent Data vulnerability in themeglow JobBoard Job listing... Moderate Unreviewed
CVE-2025-68855 was published Feb 20, 2026
Insertion of Sensitive Information Into Sent Data vulnerability in Shahjahan Jewel Ninja Tables... Moderate Unreviewed
CVE-2026-25008 was published Feb 19, 2026
OpenClaw MS Teams inbound attachment downloader leaks bearer tokens to allowlisted suffix domains Moderate
CVE-2026-28481 was published for openclaw (npm) Feb 17, 2026
yueyueL Credited to yueyueL
Insertion of Sensitive Information Into Sent Data vulnerability in Atlas Educational Software... Moderate Unreviewed
CVE-2025-7708 was published Feb 9, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database