GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
91 advisories
A low privileged remote attacker can gain the root password due to improper removal of sensitive...
High | Unreviewed | CVE-2024-43384 was published | May 7, 2026

ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction
Critical | CVE-2026-42880 was published for github.com/argoproj/argo-cd/v3 (Go) | May 7, 2026

OpenBao's Namespace Deletion May Not Delete Data Properly
Low | CVE-2026-42186 was published for github.com/openbao/openbao (Go) | May 5, 2026

In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext...
High | Unreviewed | CVE-2026-43824 was published | May 2, 2026

OpenClaw: config.get redaction bypass through sourceConfig and runtimeConfig aliases
High | CVE-2026-43528 was published for openclaw (npm) | Apr 17, 2026

Improper removal of sensitive information before storage or transfer in Windows Recovery...
Moderate | Unreviewed | CVE-2026-20928 was published | Apr 14, 2026

Improper removal of sensitive information before storage or transfer vulnerability in The...
High | Unreviewed | CVE-2026-39937 was published | Apr 8, 2026

OpenClaw: SSH-based sandbox backends pass unsanitized process.env to child processes
Moderate | GHSA-j9pv-rrcj-6pfx was published for openclaw (npm) | Apr 2, 2026

Trino: Iceberg REST catalog static and vended credentials are accessible via query JSON
High | CVE-2026-34214 was published for io.trino:trino-iceberg (Maven) | Mar 29, 2026

OpenClaw Exposes Credentials Embedded in baseUrl Fields via config.get and channels.status
Moderate | GHSA-ppwq-6v66-5m6j was published for openclaw (npm) | Mar 26, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.14 before 18.7.6, 18...
Moderate | Unreviewed | CVE-2026-1182 was published | Mar 12, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.6 before 18.7.6, 18...
Moderate | Unreviewed | CVE-2026-1732 was published | Mar 11, 2026

A flaw was found in QEMU in the uefi-vars virtual device. When the guest writes to register...
Low | Unreviewed | CVE-2025-8860 was published | Feb 18, 2026

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program...
Low | Unreviewed | CVE-2025-61643 was published | Feb 3, 2026

CBORDecoder reuse can leak shareable values across decode calls
Moderate | CVE-2025-68131 was published for cbor2 (pip) | Dec 31, 2025

URI Credential Leakage Bypass over CVE-2025-27221
Low | CVE-2025-61594 was published for uri (RubyGems) | Dec 30, 2025

Incomplete removal of sensitive information before transfer vulnerability in M-Files Corporation...
Moderate | Unreviewed | CVE-2025-14267 was published | Dec 19, 2025

SSH private keys of the "Remote alert handlers (Linux)" rule were exposed in the rule page's HTML...
Low | Unreviewed | CVE-2025-65000 was published | Dec 18, 2025

Grype has a credential disclosure vulnerability in its JSON output
High | CVE-2025-65965 was published for github.com/anchore/grype (Go) | Nov 25, 2025

Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow...
Moderate | Unreviewed | CVE-2025-62483 was published | Nov 13, 2025

Weblate leaks the IP of project member inviting user to be reviewer in Audit log
Low | CVE-2025-64326 was published for weblate (pip) | Nov 5, 2025

Ansible does not collect garbage after playbook run
Moderate | CVE-2020-25635 was published for ansible (pip) | Oct 31, 2025

Shopware exposes sensitive user information via CSV export mapping
Moderate | GHSA-27c9-vp3w-6ww8 was published for shopware/core (Composer) | Oct 21, 2025

Improper removal of sensitive information before storage or transfer in AMD Crash Defender could...
Low | Unreviewed | CVE-2025-0011 was published | Sep 6, 2025

XWiki PDF export jobs store sensitive cookies unencrypted in job statuses
Moderate | CVE-2025-58049 was published for org.xwiki.platform:xwiki-platform-export-pdf-api (Maven) | Aug 28, 2025
ProTip! Advisories are also available from the GraphQL API.