GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
338 advisories
Filter by severity
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tips...
Moderate
Unreviewed
CVE-2026-49077
was published
Jun 4, 2026
The SAP Gateway allows attackers to inject content into error messages, potentially leading to...
Moderate
Unreviewed
CVE-2026-44749
was published
May 26, 2026
D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated...
High
Unreviewed
CVE-2018-25358
was published
May 26, 2026
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in...
Moderate
Unreviewed
CVE-2026-27349
was published
May 21, 2026
An information disclosure vulnerability in the Chronosphere Chronocollector enables an...
Moderate
Unreviewed
CVE-2026-0239
was published
May 13, 2026
An information disclosure vulnerability in Trust Protection Foundation enables an authenticated...
Moderate
Unreviewed
CVE-2026-0240
was published
May 13, 2026
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and...
High
Unreviewed
CVE-2026-43654
was published
May 11, 2026
SEPPmail Secure Email Gateway before version 15.0.4 exposes server environment variables through...
Moderate
Unreviewed
CVE-2026-7864
was published
May 8, 2026
Vvveb before 1.0.8.2 contains an information disclosure vulnerability in the cron controller that...
Moderate
Unreviewed
CVE-2026-41928
was published
May 8, 2026
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in...
Moderate
Unreviewed
CVE-2026-25468
was published
May 7, 2026
Inngest TypeScript SDK exposes environment variables via serve() handler on unhandled HTTP methods
High
CVE-2026-42047
was published
for
inngest
(npm)
May 5, 2026
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in...
Moderate
Unreviewed
CVE-2026-42644
was published
Apr 29, 2026
NVIDIA NeMoClaw contains a vulnerability in the sandbox environment initialization component,...
High
Unreviewed
CVE-2026-24222
was published
Apr 28, 2026
Duplicate Advisory: OpenClaw Has a Gateway Control Interface Information Disclosure Vulnerability
Moderate
GHSA-fjm8-mgc9-mf65
was published
for
openclaw
(npm)
Apr 24, 2026
•
withdrawn
Duplicate Advisory: OpenClaw: Gateway hello snapshots exposed host config and state paths to non-admin clients
Moderate
GHSA-r7p2-r9g4-4xph
was published
for
openclaw
(npm)
Apr 24, 2026
•
withdrawn
Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability...
Moderate
Unreviewed
CVE-2026-41459
was published
Apr 22, 2026
Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in...
High
Unreviewed
CVE-2026-34413
was published
Apr 22, 2026
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in...
Moderate
Unreviewed
CVE-2026-39686
was published
Apr 8, 2026
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in...
Moderate
Unreviewed
CVE-2026-39571
was published
Apr 8, 2026
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP...
Moderate
Unreviewed
CVE-2026-39536
was published
Apr 8, 2026
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in...
Moderate
Unreviewed
CVE-2026-39516
was published
Apr 8, 2026
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in...
Moderate
Unreviewed
CVE-2026-39566
was published
Apr 8, 2026
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in...
Moderate
Unreviewed
CVE-2026-39572
was published
Apr 8, 2026
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in...
Moderate
Unreviewed
CVE-2026-39469
was published
Apr 8, 2026
An unauthenticated remote attacker can access a configuration file containing database...
Moderate
Unreviewed
CVE-2026-33617
was published
Apr 2, 2026
ProTip!
Advisories are also available from the
GraphQL API