GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
441 advisories
IBM Cloud Pak System displays sensitive information in user messages that could aid in further...
Moderate, Unreviewed: CVE-2023-38010 was published Feb 4, 2026

IBM Cloud Pak System is vulnerable to cross-site scripting. This vulnerability allows users to...
Moderate, Unreviewed: CVE-2023-38017 was published Feb 4, 2026

IBM Cloud Pak System does not set the secure attribute on authorization tokens or session cookies...
Moderate, Unreviewed: CVE-2023-38281 was published Feb 4, 2026

A vulnerability in update-reports-purge-settings.sh script logging for Brocade SANnav before 2.4...
High, Unreviewed: CVE-2025-12773 was published Feb 3, 2026

Generation of Error Message Containing Sensitive Information vulnerability in Codriapp Innovation...
High, Unreviewed: CVE-2025-1395 was published Jan 30, 2026

A vulnerability in the PHP backend of gemsloyalty.aptsys.com.sg thru 2025-05-28 allows...
Moderate, Unreviewed: CVE-2025-52022 was published Jan 23, 2026

A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows...
Moderate, Unreviewed: CVE-2025-52023 was published Jan 23, 2026

HCL AION version 2 is affected by a Technical Error Disclosure vulnerability. This can expose...
Low, Unreviewed: CVE-2025-55250 was published Jan 19, 2026

The Fancy Product Designer plugin for WordPress is vulnerable to Full Path Disclosure in all...
Moderate, Unreviewed: CVE-2025-15526 was published Jan 16, 2026

Certain error messages returned by the application expose internal system details that should not...
Moderate, Unreviewed: CVE-2026-22646 was published Jan 15, 2026

Generation of error message containing sensitive information in Windows Kernel allows an...
Moderate, Unreviewed: CVE-2026-20838 was published Jan 13, 2026

A generation of error message containing sensitive information vulnerability has been reported to...
High, Unreviewed: CVE-2025-62840 was published Jan 2, 2026

An information disclosure vulnerability in Kentico Xperience allows attackers to view sensitive...
Moderate, Unreviewed: CVE-2022-50686 was published Dec 18, 2025

Hitachi Vantara Pentaho Data Integration and Analytics Community Dashboard Framework prior to...
Moderate, Unreviewed: CVE-2025-9122 was published Dec 16, 2025

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.5 before 18.4.6, 18...
Moderate, Unreviewed: CVE-2025-13978 was published Dec 11, 2025

IBM Planning Analytics Local 2.1.0 - 2.1.15 could disclose sensitive information about server...
Moderate, Unreviewed: CVE-2025-36437 was published Dec 10, 2025

Debug information disclosure in the SQL error message to in Revive Adserver 5.5.2 and 6.0.1 and...
Moderate, Unreviewed: CVE-2025-52671 was published Nov 20, 2025

In version 6.13.0 of LimeSurvey, any external user can cause a 500 error in the survey system by...
Moderate, Unreviewed: CVE-2025-41076 was published Nov 20, 2025

A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11...
Moderate, Unreviewed: CVE-2025-54562 was published Nov 14, 2025

Directus Vulnerable to Information Leakage in Existing Collections
Moderate: CVE-2025-64749 was published for @directus/api (npm) Nov 13, 2025

A vulnerability has been identified in Altair Grid Engine (All versions < V2026.0.0). Affected...
Moderate, Unreviewed: CVE-2025-40760 was published Nov 11, 2025

Prior to September 19, 2025, the Hospital Manager Backend Services returned verbose ASP.NET error...
Moderate, Unreviewed: CVE-2025-61959 was published Oct 30, 2025

Error Messages Wrapped In HTTP Header. This issue affects BLU-IC2: through 1.19.5; BLU-IC4:...
Moderate, Unreviewed: CVE-2025-12365 was published Oct 27, 2025

The router’s inconsistent response to invalid course IDs allowed attackers to infer which course...
Moderate, Unreviewed: CVE-2025-62397 was published Oct 23, 2025

Actual Sync-server Gocardless service is logging sensitive data including bearer tokens and account numbers
Moderate: GHSA-xvp7-8vm8-xfxx was published for @actual-app/sync-server (npm) Oct 20, 2025