GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
448 advisories
Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could...
Moderate
Unreviewed
CVE-2026-23598
was published
Feb 17, 2026
Curio exposes database credentials to users with network access through verbose HTTP error responses
High
GHSA-gj6x-q8rh-wj6x
was published
for
github.com/filecoin-project/curio
(Go)
Feb 26, 2026
Apache Airflow error reporting may expose full kwargs
Moderate
CVE-2025-65995
was published
for
apache-airflow
(pip)
Feb 21, 2026
OpenClaw session tool visibility hardening and Telegram webhook secret fallback
Moderate
CVE-2026-27004
was published
for
openclaw
(npm)
Feb 18, 2026
Libredesk has a SSRF Vulnerability in Webhooks
Moderate
CVE-2026-26957
was published
for
github.com/abhinavxd/libredesk
(Go)
Feb 18, 2026
IBM Sterling B2B Integrator versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5, and 6.2...
Moderate
Unreviewed
CVE-2025-36348
was published
Feb 18, 2026
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Detailed...
Moderate
Unreviewed
CVE-2025-66594
was published
Feb 9, 2026
A generation of error message containing sensitive information vulnerability has been reported to...
High
Unreviewed
CVE-2025-62840
was published
Jan 2, 2026
IBM Cloud Pak System is vulnerable to cross-site scripting. This vulnerability allows users to...
Moderate
Unreviewed
CVE-2023-38017
was published
Feb 4, 2026
IBM Cloud Pak System displays sensitive information in user messages that could aid in further...
Moderate
Unreviewed
CVE-2023-38010
was published
Feb 4, 2026
IBM Cloud Pak System does not set the secure attribute on authorization tokens or session cookies...
Moderate
Unreviewed
CVE-2023-38281
was published
Feb 4, 2026
A vulnerability in update-reports-purge-settings.sh script logging for Brocade SANnav before 2.4...
High
Unreviewed
CVE-2025-12773
was published
Feb 3, 2026
Generation of Error Message Containing Sensitive Information vulnerability in Codriapp Innovation...
High
Unreviewed
CVE-2025-1395
was published
Jan 30, 2026
A vulnerability in the PHP backend of gemsloyalty.aptsys.com.sg thru 2025-05-28 allows...
Moderate
Unreviewed
CVE-2025-52022
was published
Jan 23, 2026
A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows...
Moderate
Unreviewed
CVE-2025-52023
was published
Jan 23, 2026
ClickHouse vulnerable to client certificate password exposure in client exception
Moderate
CVE-2024-23689
was published
for
com.clickhouse:clickhouse-client
(Maven)
May 12, 2023
Duplicate Advisory: Exposure of sensitive information in ClickHouse
High
GHSA-3p77-wg4c-qm24
was published
for
com.clickhouse:clickhouse-client
(Maven)
Jan 19, 2024
•
withdrawn
HCL AION version 2 is affected by a Technical Error Disclosure vulnerability. This can expose...
Low
Unreviewed
CVE-2025-55250
was published
Jan 19, 2026
The Fancy Product Designer plugin for WordPress is vulnerable to Full Path Disclosure in all...
Moderate
Unreviewed
CVE-2025-15526
was published
Jan 16, 2026
Certain error messages returned by the application expose internal system details that should not...
Moderate
Unreviewed
CVE-2026-22646
was published
Jan 15, 2026
In x86's APIC (Advanced Programmable Interrupt Controller) architecture, error conditions are...
High
Unreviewed
CVE-2024-45817
was published
Sep 25, 2024
Generation of error message containing sensitive information in Windows Kernel allows an...
Moderate
Unreviewed
CVE-2026-20838
was published
Jan 13, 2026
Infinispan CLI vulnerable to Generation of Error Message Containing Sensitive Information
Moderate
CVE-2025-5731
was published
for
org.infinispan:infinispan-cli-client
(Maven)
Jun 27, 2025
In the Linux kernel, the following vulnerability has been resolved: btrfs: send: handle path ref...
Low
Unreviewed
CVE-2024-35935
was published
May 19, 2024
Liferay Portal and Liferay DXP vulnerable to store Cross-site Scripting
Moderate
CVE-2025-43776
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Sep 9, 2025