GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
33 advisories
OpenClaw MS Teams inbound attachment downloader leaks bearer tokens to allowlisted suffix domains
Moderate
CVE-2026-28481
was published
for
openclaw
(npm)
Feb 17, 2026
Grav Exposes Password Hashes Leading to privilege escalation
Moderate
CVE-2025-66304
was published
for
getgrav/grav
(Composer)
Dec 2, 2025
Directus's conceal fields are searchable if read permissions enabled
Moderate
CVE-2025-64748
was published
for
@directus/api
(npm)
Nov 13, 2025
Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details
Moderate
CVE-2025-64502
was published
for
parse-server
(npm)
Nov 13, 2025
MantisBT lacks verification when changing a user's email address
Moderate
CVE-2025-55155
was published
for
mantisbt/mantisbt
(Composer)
Nov 3, 2025
Unauthenticated Disclosure of PSU HAX CMS Site Listings via haxPsuUsage API Endpoint
Moderate
CVE-2025-48996
was published
for
@haxtheweb/open-apis
(npm)
Jun 5, 2025
Deno.env.toObject() ignores the variables listed in --deny-env and returns all environment variables
Moderate
CVE-2025-48934
was published
for
deno
(Rust)
Jun 4, 2025
Bullfrog's DNS over TCP bypasses domain filtering
Moderate
CVE-2025-47775
was published
for
bullfrogsec/bullfrog
(GitHub Actions)
May 15, 2025
Pomerium exposed OAuth2 access and ID tokens in user info endpoint response
Moderate
CVE-2024-39315
was published
for
github.com/pomerium/pomerium
(Go)
Jul 5, 2024
Sensitive query parameters logged by default in OpenTelemetry.Instrumentation http and AspNetCore
Moderate
CVE-2024-32028
was published
for
OpenTelemetry.Instrumentation.AspNetCore
(NuGet)
Apr 12, 2024
ProTip!
Advisories are also available from the
GraphQL API