GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
87 advisories
Filter by severity
A flaw in Node.js proxy tunnel error handling could expose proxy credentials in `ERR_PROXY_TUNNEL...
Moderate
Unreviewed
CVE-2026-48615
was published
Jun 26, 2026
A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS...
Moderate
Unreviewed
CVE-2025-30459
was published
Jun 11, 2026
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer....
Moderate
Unreviewed
CVE-2026-25699
was published
Jun 9, 2026
HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to...
Moderate
Unreviewed
CVE-2020-25900
was published
Jun 5, 2026
A privacy issue was addressed by removing the vulnerable code. This issue is fixed in iOS 26.5...
Moderate
Unreviewed
CVE-2026-28963
was published
May 11, 2026
The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0....
Moderate
Unreviewed
CVE-2025-66171
was published
May 8, 2026
The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0....
Moderate
Unreviewed
CVE-2025-66172
was published
May 8, 2026
Ech0 comment model's Email field returned on public /api/comments endpoints
Moderate
GHSA-rj4g-rqgh-rx9h
was published
for
github.com/lin-snow/Ech0
(Go)
May 7, 2026
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.8 and...
Moderate
Unreviewed
CVE-2026-28950
was published
Apr 22, 2026
Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox...
Moderate
Unreviewed
CVE-2026-6765
was published
Apr 21, 2026
LangSmith SDK: Streaming token events bypass output redaction
Moderate
CVE-2026-41182
was published
for
langsmith
(npm)
Apr 16, 2026
SAP Commerce Cloud exposes multiple API endpoints to unauthenticated users, allowing them to...
Moderate
Unreviewed
CVE-2026-24321
was published
Feb 10, 2026
Apache Answer Exposure of Private Personal Information to an Unauthorized Actor vulnerability
Moderate
CVE-2026-24735
was published
for
github.com/apache/answer
(Go)
Feb 4, 2026
Gitea: anonymous user can visit private user's project
Moderate
CVE-2025-68945
was published
for
code.gitea.io/gitea
(Go)
Dec 26, 2025
AVideo versions prior to 20.0 expose sensitive user information through an unauthenticated public...
Moderate
Unreviewed
CVE-2025-34441
was published
Dec 17, 2025
The Brizy – Page Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in...
Moderate
Unreviewed
CVE-2025-0969
was published
Dec 13, 2025
The SureForms plugin for WordPress is vulnerable to Sensitive Information Exposure in all...
Moderate
Unreviewed
CVE-2025-12536
was published
Nov 13, 2025
IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX...
Moderate
Unreviewed
CVE-2025-36131
was published
Nov 7, 2025
HCL BigFix Query is affected by a sensitive information disclosure in the WebUI Query application...
Moderate
Unreviewed
CVE-2025-52602
was published
Nov 5, 2025
Exposure of Private Personal Information to an Unauthorized Actor (CWE-359) in the Command Centre...
Moderate
Unreviewed
CVE-2025-35981
was published
Oct 23, 2025
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has a Global...
Moderate
Unreviewed
CVE-2025-62644
was published
Oct 17, 2025
An Exposure of Private Personal Information ('Privacy Violation') vulnerability [CWE-359] in...
Moderate
Unreviewed
CVE-2025-53950
was published
Oct 16, 2025
Cookie storage for non-HTML temporary documents was being shared incorrectly with normal browsing...
Moderate
Unreviewed
CVE-2025-10859
was published
Sep 30, 2025
A configuration issue was addressed with additional restrictions. This issue is fixed in macOS...
Moderate
Unreviewed
CVE-2025-43310
was published
Sep 16, 2025
A privacy issue was addressed with improved private data redaction for log entries. This issue is...
Moderate
Unreviewed
CVE-2025-43279
was published
Sep 16, 2025
ProTip!
Advisories are also available from the
GraphQL API