GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
35 advisories
Filter by severity
@angular/service-worker: Sensitive Header Leakage on Cross-Origin Redirects in Angular Service Worker
High
CVE-2026-54264
was published
for
@angular/service-worker
(npm)
Jun 15, 2026
XWiki Platform's Livetable results still allow reconstructing password hashes using 768 requests
High
CVE-2026-48048
was published
for
org.xwiki.platform:xwiki-platform-livetable-ui
(Maven)
May 26, 2026
phpMyFAQ: Missing Password Reset Token Allows Account Takeover via Username/Email Enumeration
High
CVE-2026-35675
was published
for
phpmyfaq/phpmyfaq
(Composer)
May 20, 2026
Ech0 comment model's Email field returned on public /api/comments endpoints
Moderate
GHSA-rj4g-rqgh-rx9h
was published
for
github.com/lin-snow/Ech0
(Go)
May 7, 2026
LangSmith SDK: Streaming token events bypass output redaction
Moderate
CVE-2026-41182
was published
for
langsmith
(npm)
Apr 16, 2026
Keycloak: Information disclosure of disabled user attributes via administrative endpoint
Low
CVE-2026-3911
was published
for
org.keycloak:keycloak-services
(Maven)
Mar 11, 2026
Apache Answer Exposure of Private Personal Information to an Unauthorized Actor vulnerability
Moderate
CVE-2026-24735
was published
for
github.com/apache/answer
(Go)
Feb 4, 2026
Gitea: anonymous user can visit private user's project
Moderate
CVE-2025-68945
was published
for
code.gitea.io/gitea
(Go)
Dec 26, 2025
Angular is Vulnerable to XSRF Token Leakage via Protocol-Relative URLs in Angular HTTP Client
High
CVE-2025-66035
was published
for
@angular/common
(npm)
Nov 26, 2025
Presta Shop vulnerable to email enumeration
Moderate
CVE-2025-51586
was published
for
prestashop/prestashop
(Composer)
Sep 4, 2025
XWiki exposes passwords and emails stored in fields not named password/email in xml.vm
High
CVE-2025-54125
was published
for
org.xwiki.platform:xwiki-platform-legacy-oldcore
(Maven)
Aug 5, 2025
XWiki leaks password hashes and other accessible password properties
High
CVE-2025-54124
was published
for
org.xwiki.platform:xwiki-platform-legacy-oldcore
(Maven)
Aug 5, 2025
DynamicPageList3 vulnerability exposes hidden/suppressed usernames
High
CVE-2025-53625
was published
for
universal-omega/dynamic-page-list3
(Composer)
Jul 10, 2025
Weblate exposes personal IP address via e-mail
Low
CVE-2025-49134
was published
for
weblate
(pip)
Jun 16, 2025
Updatecli exposes Maven credentials in console output
High
CVE-2025-24355
was published
for
github.com/updatecli/updatecli
(Go)
Jan 24, 2025
org.xwiki.platform:xwiki-platform-notifications-ui leaks data of notification filters of users
Moderate
CVE-2024-46979
was published
for
org.xwiki.platform:xwiki-platform-notifications-ui
(Maven)
Sep 18, 2024
XWiki Platform document history including authors of any page exposed to unauthorized actors
Moderate
CVE-2024-45591
was published
for
org.xwiki.platform:xwiki-platform-rest-server
(Maven)
Sep 10, 2024
Matrix SDK for React's URL preview setting for a room is controllable by the homeserver
Moderate
CVE-2024-42347
was published
for
matrix-react-sdk
(npm)
Aug 6, 2024
Saleor: Customers' addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method
Moderate
CVE-2024-29888
was published
for
saleor
(pip)
Mar 28, 2024
Nautobot vulnerable to exposure of hashed user passwords via REST API
High
CVE-2023-46128
was published
for
nautobot
(pip)
Oct 24, 2023
XWiki Platform may show email addresses in clear in REST results
High
CVE-2023-35151
was published
for
org.xwiki.platform:xwiki-platform-rest-server
(Maven)
Jun 20, 2023
Information exposure in microweber
Moderate
CVE-2023-2239
was published
for
microweber/microweber
(Composer)
Apr 22, 2023
Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm
Low
CVE-2023-29203
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Apr 12, 2023
Exposure of Private Personal Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-rest-server
Moderate
CVE-2022-41936
was published
for
org.xwiki.platform:xwiki-platform-rest-server
(Maven)
Nov 21, 2022
ProTip!
Advisories are also available from the
GraphQL API