GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
303 advisories
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in...
Moderate • Unreviewed • CVE-2026-25468 was published May 7, 2026

Inngest TypeScript SDK exposes environment variables via serve() handler on unhandled HTTP methods
High • CVE-2026-42047 was published for inngest (npm) May 5, 2026

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in...
Moderate • Unreviewed • CVE-2026-42644 was published Apr 29, 2026

NVIDIA NeMoClaw contains a vulnerability in the sandbox environment initialization component,...
High • Unreviewed • CVE-2026-24222 was published Apr 28, 2026

Duplicate Advisory: OpenClaw Has a Gateway Control Interface Information Disclosure Vulnerability
Moderate • GHSA-fjm8-mgc9-mf65 was published for openclaw (npm) Apr 24, 2026 • withdrawn

Duplicate Advisory: OpenClaw: Gateway hello snapshots exposed host config and state paths to non-admin clients
Moderate • GHSA-r7p2-r9g4-4xph was published for openclaw (npm) Apr 24, 2026 • withdrawn

Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability...
Moderate • Unreviewed • CVE-2026-41459 was published Apr 22, 2026

Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in...
High • Unreviewed • CVE-2026-34413 was published Apr 22, 2026

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in...
Moderate • Unreviewed • CVE-2026-39686 was published Apr 8, 2026

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP...
Moderate • Unreviewed • CVE-2026-39536 was published Apr 8, 2026

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in...
Moderate • Unreviewed • CVE-2026-39571 was published Apr 8, 2026

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in...
Moderate • Unreviewed • CVE-2026-39516 was published Apr 8, 2026

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in...
Moderate • Unreviewed • CVE-2026-39566 was published Apr 8, 2026

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in...
Moderate • Unreviewed • CVE-2026-39572 was published Apr 8, 2026

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in...
Moderate • Unreviewed • CVE-2026-39469 was published Apr 8, 2026

An unauthenticated remote attacker can access a configuration file containing database...
Moderate • Unreviewed • CVE-2026-33617 was published Apr 2, 2026

IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0...
Moderate • Unreviewed • CVE-2025-36373 was published Apr 1, 2026

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in...
Moderate • Unreviewed • CVE-2026-25344 was published Mar 25, 2026

An authorization issue was addressed with improved state management. This issue is fixed in...
Moderate • Unreviewed • CVE-2026-20691 was published Mar 25, 2026

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in...
Moderate • Unreviewed • CVE-2026-32405 was published Mar 13, 2026

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in...
Moderate • Unreviewed • CVE-2026-32372 was published Mar 13, 2026

An information disclosure vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an...
Moderate • Unreviewed • CVE-2026-0231 was published Mar 11, 2026

A low‑privileged remote attacker can directly interact with the wwwdnload.cgi endpoint to...
Moderate • Unreviewed • CVE-2025-41763 was published Mar 9, 2026

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP...
Moderate • Unreviewed • CVE-2025-13616 was published Mar 3, 2026

Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain.
High • Unreviewed • CVE-2025-47378 was published Mar 2, 2026