Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
41
GitHub Actions
41
Go
3,080
Maven
5,000+
npm
4,980
NuGet
825
pip
4,417
Pub
12
RubyGems
988
Rust
1,162
Swift
50
Unreviewed advisories
All unreviewed
5,000+

448 advisories

Loading
An information disclosure vulnerability in Kentico Xperience allows attackers to view sensitive... Moderate Unreviewed
CVE-2022-50686 was published Dec 18, 2025
Hitachi Vantara Pentaho Data Integration and Analytics Community Dashboard Framework prior to... Moderate Unreviewed
CVE-2025-9122 was published Dec 16, 2025
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.5 before 18.4.6, 18... Moderate Unreviewed
CVE-2025-13978 was published Dec 11, 2025
IBM Planning Analytics Local 2.1.0 - 2.1.15 could disclose sensitive information about server... Moderate Unreviewed
CVE-2025-36437 was published Dec 10, 2025
In version 6.13.0 of LimeSurvey, any external user can cause a 500 error in the survey system by... Moderate Unreviewed
CVE-2025-41076 was published Nov 20, 2025
Debug information disclosure in the SQL error message to in Revive Adserver 5.5.2 and 6.0.1 and... Moderate Unreviewed
CVE-2025-52671 was published Nov 20, 2025
Directus Vulnerable to Information Leakage in Existing Collections Moderate
CVE-2025-64749 was published for @directus/api (npm) Nov 13, 2025
sbstn-k Credited to sbstn-k and kmzs kmzs kmzs
A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11... Moderate Unreviewed
CVE-2025-54562 was published Nov 14, 2025
A vulnerability has been identified in Altair Grid Engine (All versions < V2026.0.0). Affected... Moderate Unreviewed
CVE-2025-40760 was published Nov 11, 2025
Error Messages Wrapped In HTTP Header.This issue affects BLU-IC2: through 1.19.5; BLU-IC4:... Moderate Unreviewed
CVE-2025-12365 was published Oct 27, 2025
Canonical LXD Project Existence Determination Through Error Handling in Image Get Function Moderate
CVE-2025-54291 was published for github.com/canonical/lxd (Go) Oct 2, 2025
Information disclosure vulnerability in error handling in MiR software prior to version 3.0.0... Moderate Unreviewed
CVE-2025-9229 was published Aug 20, 2025
Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information Moderate
CVE-2024-21733 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jan 19, 2024
westonsteimel Credited to westonsteimel
Dev error stack trace leaking into prod in Play Framework Moderate
CVE-2022-31023 was published for com.typesafe.play:play_2.12 (Maven) Jun 3, 2022
BillyAutrey Credited to BillyAutrey, gmethvin, and dontgitit gmethvin gmethvin
dontgitit dontgitit
Prior to September 19, 2025, the Hospital Manager Backend Services returned verbose ASP.NET error... Moderate Unreviewed
CVE-2025-61959 was published Oct 30, 2025
The router’s inconsistent response to invalid course IDs allowed attackers to infer which course... Moderate Unreviewed
CVE-2025-62397 was published Oct 23, 2025
The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers... Moderate Unreviewed
CVE-2013-7331 was published May 14, 2022
.NET Framework Information Disclosure Vulnerability High Unreviewed
CVE-2024-29059 was published Mar 23, 2024
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive... High Unreviewed
CVE-2022-35715 was published Aug 11, 2022
Actual Sync-server Gocardless service is logging sensitive data including bearer tokens and account numbers Moderate
GHSA-xvp7-8vm8-xfxx was published for @actual-app/sync-server (npm) Oct 20, 2025
StoobertB Credited to StoobertB
Improper error handling vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter.... Moderate Unreviewed
CVE-2025-40718 was published Jul 8, 2025
ibexa/user login enumerates user accounts Moderate
GHSA-q3x8-6898-23g3 was published for ibexa/user (Composer) Oct 17, 2025
Generation of error message containing sensitive information in Windows USB Video Driver allows... Moderate Unreviewed
CVE-2025-55676 was published Oct 14, 2025
HCL Unica Centralized Offer Management is vulnerable to poor unhandled exceptions which exposes... Low Unreviewed
CVE-2025-31998 was published Oct 12, 2025
@backstage/backend-app-api leaks GitLab access tokens High
CVE-2023-6944 was published for @backstage/backend-app-api (npm) Jan 4, 2024
pfeifferj Credited to pfeifferj
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database