GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,297 advisories
Tanium addressed an information disclosure vulnerability in Tanium Server.
Low | Unreviewed | CVE-2026-6408 was published Apr 22, 2026

go-git: Credential leak via cross-host redirect in smart HTTP transport
Moderate | GHSA-3xc5-wrhm-f963 was published for github.com/go-git/go-git/v5 (Go) Apr 17, 2026

Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7.1.0 through 8.5,...
High | Unreviewed | CVE-2025-36568 was published Apr 17, 2026

Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise...
Moderate | Unreviewed | CVE-2025-15622 was published Apr 17, 2026

Flowise: Sensitive Data Leak in public-chatbotConfig
High | GHSA-4jpm-cgx2-8h37 was published for flowise (npm) Apr 16, 2026

Kyverno apiCall automatically forwards ServiceAccount token to external endpoints (credential leak)
High | GHSA-8wfp-579w-6r25 was published for github.com/kyverno/kyverno (Go) Apr 16, 2026

Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client...
Moderate | Unreviewed | CVE-2025-15621 was published Apr 16, 2026

Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate...
High | Unreviewed | CVE-2026-32171 was published Apr 14, 2026

An insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5...
Low | Unreviewed | CVE-2026-27316 was published Apr 14, 2026

Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer
Moderate | Unreviewed | CVE-2026-34262 was published Apr 14, 2026

OpenClaw: Media download follows cross-origin redirects with Authorization headers intact
Moderate | GHSA-68v4-hmwv-f43h was published for openclaw (npm) Apr 3, 2026

The stored API keys in temporary browser client is not marked as protected allowing for JavaScript...
High | Unreviewed | CVE-2026-35467 was published Apr 2, 2026

In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user...
Moderate | Unreviewed | CVE-2026-4819 was published Mar 31, 2026

FHIR Validator HTTP service has SSRF via /loadIG Chains with startsWith() Credential Leak for Authentication Token Theft
Critical | CVE-2026-34361 was published for ca.uhn.hapi.fhir:org.hl7.fhir.validation (Maven) Mar 30, 2026

OpenClaw before 2026.3.12 embeds long-lived shared gateway credentials directly in pairing setup...
High | Unreviewed | CVE-2026-33575 was published Mar 29, 2026

Wazuh version 4.12.0 contains an exposure vulnerability in GitHub Actions workflow artifacts that...
High | Unreviewed | CVE-2025-15617 was published Mar 27, 2026

Cache misconfiguration vulnerability in OpenText Identity Manager on Windows, Linux allows remote...
High | Unreviewed | CVE-2025-13478 was published Mar 27, 2026

OpenClaw Exposes Credentials Embedded in baseUrl Fields via config.get and channels.status
Moderate | GHSA-ppwq-6v66-5m6j was published for openclaw (npm) Mar 26, 2026

Saloon is vulnerable to SSRF and credential leakage via absolute URL in endpoint overriding base URL
Moderate | CVE-2026-33182 was published for saloonphp/saloon (Composer) Mar 25, 2026

IBM Concert 1.0.0 through 2.2.0 could allow a local user to obtain sensitive information due to...
Moderate | Unreviewed | CVE-2025-36440 was published Mar 25, 2026

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain...
Moderate | Unreviewed | CVE-2025-14790 was published Mar 25, 2026

Exposure of session signing secret in Checkmk <2.4.0p23, <2.3.0p45 and 2.2.0 allows an...
High | Unreviewed | CVE-2025-64998 was published Mar 24, 2026

Duplicate Advisory: OpenClaw reuses the gateway auth token in the owner ID prompt hashing fallback
Low | GHSA-8mr2-f9wf-hcfq was published for openclaw (npm) Mar 21, 2026 • withdrawn

Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
Moderate | Unreviewed | CVE-2026-31926 was published Mar 21, 2026

Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
Moderate | Unreviewed | CVE-2026-28204 was published Mar 21, 2026