Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,781
Maven
5,000+
npm
4,386
NuGet
772
pip
4,164
Pub
12
RubyGems
965
Rust
1,073
Swift
45
Unreviewed advisories
All unreviewed
5,000+

427 advisories

Loading
An information disclosure vulnerability in Kentico Xperience allows attackers to view sensitive... Moderate Unreviewed
CVE-2022-50686 was published Dec 18, 2025
Hitachi Vantara Pentaho Data Integration and Analytics Community Dashboard Framework prior to... Moderate Unreviewed
CVE-2025-9122 was published Dec 16, 2025
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.5 before 18.4.6, 18... Moderate Unreviewed
CVE-2025-13978 was published Dec 11, 2025
IBM Planning Analytics Local 2.1.0 - 2.1.15 could disclose sensitive information about server... Moderate Unreviewed
CVE-2025-36437 was published Dec 10, 2025
Debug information disclosure in the SQL error message to in Revive Adserver 5.5.2 and 6.0.1 and... Moderate Unreviewed
CVE-2025-52671 was published Nov 20, 2025
In version 6.13.0 of LimeSurvey, any external user can cause a 500 error in the survey system by... Moderate Unreviewed
CVE-2025-41076 was published Nov 20, 2025
A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11... Moderate Unreviewed
CVE-2025-54562 was published Nov 14, 2025
Directus Vulnerable to Information Leakage in Existing Collections Moderate
CVE-2025-64749 was published for @directus/api (npm) Nov 13, 2025
sbstn-k kmzs
Credited to sbstn-k and kmzs
A vulnerability has been identified in Altair Grid Engine (All versions < V2026.0.0). Affected... Moderate Unreviewed
CVE-2025-40760 was published Nov 11, 2025
Prior to September 19, 2025, the Hospital Manager Backend Services returned verbose ASP.NET error... Moderate Unreviewed
CVE-2025-61959 was published Oct 30, 2025
Error Messages Wrapped In HTTP Header.This issue affects BLU-IC2: through 1.19.5; BLU-IC4:... Moderate Unreviewed
CVE-2025-12365 was published Oct 27, 2025
The router’s inconsistent response to invalid course IDs allowed attackers to infer which course... Moderate Unreviewed
CVE-2025-62397 was published Oct 23, 2025
Actual Sync-server Gocardless service is logging sensitive data including bearer tokens and account numbers Moderate
GHSA-xvp7-8vm8-xfxx was published for @actual-app/sync-server (npm) Oct 20, 2025
StoobertB
Credited to StoobertB
ibexa/user login enumerates user accounts Moderate
GHSA-q3x8-6898-23g3 was published for ibexa/user (Composer) Oct 17, 2025
Generation of error message containing sensitive information in Windows USB Video Driver allows... Moderate Unreviewed
CVE-2025-55676 was published Oct 14, 2025
HCL Unica Centralized Offer Management is vulnerable to poor unhandled exceptions which exposes... Low Unreviewed
CVE-2025-31998 was published Oct 12, 2025
Canonical LXD Project Existence Determination Through Error Handling in Image Get Function Moderate
CVE-2025-54291 was published for github.com/canonical/lxd (Go) Oct 2, 2025
Dell Crypto-J generates an error message that includes sensitive information about its... Moderate Unreviewed
CVE-2025-26333 was published Sep 25, 2025
Generation of error message containing sensitive information in Windows Kernel allows an... Moderate Unreviewed
CVE-2025-53803 was published Sep 9, 2025
Liferay Portal and Liferay DXP vulnerable to store Cross-site Scripting Moderate
CVE-2025-43776 was published for com.liferay.portal:release.dxp.bom (Maven) Sep 9, 2025
TYPO3 CMS exposes sensitive information in an error message Moderate
CVE-2025-59016 was published for typo3/cms-core (Composer) Sep 9, 2025
Liferay Portal exposes 500 status when attempting login with a deleted client secret Moderate
CVE-2025-43777 was published for com.liferay:com.liferay.portal.security.sso.openid.connect.impl (Maven) Sep 9, 2025
In writeContent of RemotePrintDocument.java, there is a possible information disclosure due to a... Moderate Unreviewed
CVE-2025-48562 was published Sep 4, 2025
IBM Security Verify Governance Identity Manager 10.0.2 could allow a remote attacker to obtain... High Unreviewed
CVE-2025-36003 was published Aug 28, 2025
Information disclosure vulnerability in error handling in MiR software prior to version 3.0.0... Moderate Unreviewed
CVE-2025-9229 was published Aug 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database