GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
171 advisories
Filter by severity
Exposure of private personal information to an unauthorized actor in Microsoft Defender allows an...
Moderate
Unreviewed
CVE-2026-50657
was published
Jul 14, 2026
9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability...
High
Unreviewed
CVE-2026-62328
was published
Jul 14, 2026
Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android...
High
Unreviewed
CVE-2026-58297
was published
Jul 3, 2026
Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android...
High
Unreviewed
CVE-2026-58296
was published
Jul 3, 2026
Hi.Events through 1.9.0 public check-in list endpoints use short_id as sole access control,...
High
Unreviewed
CVE-2026-57960
was published
Jun 29, 2026
phpUploader before 2.0.2 contains an unauthenticated information disclosure vulnerability that...
High
Unreviewed
CVE-2026-56124
was published
Jun 29, 2026
A flaw in Node.js proxy tunnel error handling could expose proxy credentials in `ERR_PROXY_TUNNEL...
Moderate
Unreviewed
CVE-2026-48615
was published
Jun 26, 2026
Joomla! Component JoomProject 1.1.3.2 contains an information disclosure vulnerability that...
High
Unreviewed
CVE-2019-25762
was published
Jun 19, 2026
A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers...
High
Unreviewed
CVE-2026-26237
was published
Jun 10, 2026
@angular/service-worker: Sensitive Header Leakage on Cross-Origin Redirects in Angular Service Worker
High
CVE-2026-54264
was published
for
@angular/service-worker
(npm)
Jun 15, 2026
A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS...
Moderate
Unreviewed
CVE-2025-30459
was published
Jun 11, 2026
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer....
Moderate
Unreviewed
CVE-2026-25699
was published
Jun 9, 2026
Angular is Vulnerable to XSRF Token Leakage via Protocol-Relative URLs in Angular HTTP Client
High
CVE-2025-66035
was published
for
@angular/common
(npm)
Nov 26, 2025
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Utarit...
High
Unreviewed
CVE-2025-1030
was published
Dec 18, 2025
HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to...
Moderate
Unreviewed
CVE-2020-25900
was published
Jun 5, 2026
Files or Directories Accessible to External Parties, Exposure of Private Personal Information to...
High
Unreviewed
CVE-2025-11959
was published
Nov 11, 2025
Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System...
Critical
Unreviewed
CVE-2025-15623
was published
Apr 17, 2026
Authorization Bypass Through User-Controlled Key, Exposure of Private Personal Information to an...
High
Unreviewed
CVE-2024-11216
was published
Mar 5, 2025
phpMyFAQ: Missing Password Reset Token Allows Account Takeover via Username/Email Enumeration
High
CVE-2026-35675
was published
for
phpmyfaq/phpmyfaq
(Composer)
May 20, 2026
This issue was addressed with improved redaction of sensitive information. This issue is fixed in...
Low
Unreviewed
CVE-2025-43357
was published
Sep 16, 2025
XWiki Platform's Livetable results still allow reconstructing password hashes using 768 requests
High
CVE-2026-48048
was published
for
org.xwiki.platform:xwiki-platform-livetable-ui
(Maven)
May 26, 2026
Exposure of private personal information to an unauthorized actor, Insufficiently Protected...
High
Unreviewed
CVE-2025-13477
was published
May 21, 2026
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Botanik Software...
High
Unreviewed
CVE-2023-5983
was published
Nov 22, 2023
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.8 and...
Moderate
Unreviewed
CVE-2026-28950
was published
Apr 22, 2026
A privacy issue was addressed by removing the vulnerable code. This issue is fixed in iOS 26.5...
Moderate
Unreviewed
CVE-2026-28963
was published
May 11, 2026
ProTip!
Advisories are also available from the
GraphQL API