GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 70
GitHub Actions: 52
Go: 3,894
Maven: 5,000+
npm: 5,000+
NuGet: 963
pip: 5,000+
Pub: 13
RubyGems: 1,061
Rust: 1,373
Swift: 54
Unreviewed advisories
All unreviewed: 5,000+
290 advisories
OpenMetadata: TEST_CONNECTION workflow leaks ingestion-bot JWT and database password to regular users
High
CVE-2026-46481 was published for org.open-metadata:openmetadata-service (Maven) May 21, 2026
Kong Ingress Controller for Kubernetes (KIC): Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint
Moderate
GHSA-3278-c88v-xrh4 was published for github.com/kong/kubernetes-ingress-controller (Go) May 19, 2026
Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs
Low
CVE-2026-45739 was published for strawberry-graphql (pip) May 19, 2026
n8n-MCP: Workflow telemetry sanitizer could retain partial values from URL-shaped node parameters
Moderate
CVE-2026-45582 was published for n8n-mcp (npm) May 18, 2026
HCL AION is affected by a vulnerability where certain operations may trigger out-of-band...
Moderate
Unreviewed
CVE-2025-62305 was published May 14, 2026
HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain...
Low
Unreviewed
CVE-2025-62309 was published May 14, 2026
HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be...
Moderate
Unreviewed
CVE-2025-62308 was published May 14, 2026
dbt MCP Server Transmits All MCP Tool Arguments Including Raw SQL and --vars Credentials to dbt Labs Telemetry by Default Without Redaction
Low
CVE-2026-44970 was published for dbt-mcp (pip) May 14, 2026
Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal WP EasyPay wp-easy...
Moderate
Unreviewed
CVE-2026-45215 was published May 12, 2026
MantisBT has an authorization bypass in private issue monitoring
Moderate
CVE-2026-34579 was published for mantisbt/mantisbt (Composer) May 11, 2026
HCL BigFix Service Management (SM) does not adequately sanitize or safely render spreadsheet...
Moderate
Unreviewed
CVE-2025-31978 was published May 6, 2026
Axios: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in `withXSRFToken` Boolean Coercion
Moderate
CVE-2026-42042 was published for axios (npm) May 5, 2026
Traefik's errors middleware forwards Authorization and Cookie headers to separate error page service
Moderate
CVE-2026-41181 was published for github.com/traefik/traefik/v2 (Go) May 4, 2026
Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows...
High
Unreviewed
CVE-2026-42379 was published Apr 27, 2026
An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed...
Moderate
Unreviewed
CVE-2026-5512 was published Apr 22, 2026
Tekton Pipelines: Git resolver API mode leaks system-configured API token to user-controlled serverURL
High
CVE-2026-40161 was published for github.com/tektoncd/pipeline (Go) Apr 21, 2026
HashiCorp Vault May Expose Tokens to Auth Plugins Due to Incorrect Header Sanitization
High
CVE-2026-4525 was published for github.com/hashicorp/vault (Go) Apr 17, 2026
A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in the `odh...
High
Unreviewed
CVE-2026-5483 was published Apr 10, 2026
V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication tokens in HTTP...
Critical
Unreviewed
CVE-2026-39912 was published Apr 9, 2026
Insertion of Sensitive Information Into Sent Data vulnerability in thetechtribe The Tribal the...
Moderate
Unreviewed
CVE-2026-39709 was published Apr 8, 2026
Insertion of Sensitive Information Into Sent Data vulnerability in stmcan RT-Theme 18 |...
Moderate
Unreviewed
CVE-2026-39711 was published Apr 8, 2026
Insertion of Sensitive Information Into Sent Data vulnerability in Ateeq Rafeeq RepairBuddy...
Moderate
Unreviewed
CVE-2026-39586 was published Apr 8, 2026
Insertion of Sensitive Information Into Sent Data vulnerability in AA Web Servant 12 Step Meeting...
Moderate
Unreviewed
CVE-2026-39570 was published Apr 8, 2026
Insertion of Sensitive Information Into Sent Data vulnerability in Doofinder Doofinder for...
Moderate
Unreviewed
CVE-2026-39542 was published Apr 8, 2026
Insertion of Sensitive Information Into Sent Data vulnerability in sunshinephotocart Sunshine...
Moderate
Unreviewed
CVE-2026-39564 was published Apr 8, 2026
ProTip! Advisories are also available from the GraphQL API