GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,312 advisories
HCL BigFix Service Management (SM) is vulnerable to insufficiently protected credentials for a...
Moderate | Unreviewed | CVE-2025-31976 was published May 6, 2026

HCL BigFix RunBookAI is affected by a Continued availability of Less-Secure “Input Text”...
Low | Unreviewed | CVE-2025-62345 was published May 6, 2026

A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service'...
Moderate | Unreviewed | CVE-2026-23927 was published May 6, 2026

gix-transport: HTTP credentials leaked to redirected host in curl backend
Moderate | GHSA-9857-6mw7-fq2m was published for gix-transport (Rust) May 5, 2026

Argo vulnerable to exposure of artifact repository credentials
High | CVE-2026-42295 was published for github.com/argoproj/argo-workflows/v4 (Go) May 4, 2026

A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of...
Moderate | Unreviewed | CVE-2026-42367 was published May 4, 2026

The My Social Feeds – Social Feeds Embedder plugin for WordPress is vulnerable to Sensitive...
Moderate | Unreviewed | CVE-2026-6446 was published May 2, 2026

Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected...
High | Unreviewed | CVE-2026-35155 was published Apr 29, 2026

A weakness has been identified in tufantunc ssh-mcp up to 1.5.0. Impacted is an unknown function...
Low | Unreviewed | CVE-2026-7038 was published Apr 26, 2026

OpenClaw: Workspace dotenv MiniMax host override could redirect credentialed requests
Moderate | GHSA-h2vw-ph2c-jvwf was published for openclaw (npm) Apr 25, 2026

A vulnerability exists in SenseLive X3050’s web management interface in which password updates...
Critical | Unreviewed | CVE-2026-39462 was published Apr 24, 2026

OpenClaw before 2026.3.31 contains a credential exposure vulnerability in media download...
Moderate | Unreviewed | CVE-2026-41345 was published Apr 24, 2026

Tanium addressed an information disclosure vulnerability in Tanium Server.
Low | Unreviewed | CVE-2026-6408 was published Apr 22, 2026

go-git: Credential leak via cross-host redirect in smart HTTP transport
Moderate | CVE-2026-41506 was published for github.com/go-git/go-git/v5 (Go) Apr 17, 2026

Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7.1.0 through 8.5,...
High | Unreviewed | CVE-2025-36568 was published Apr 17, 2026

Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise...
Moderate | Unreviewed | CVE-2025-15622 was published Apr 17, 2026

Flowise: Sensitive Data Leak in public-chatbotConfig
High | CVE-2026-41266 was published for flowise (npm) Apr 16, 2026

Kyverno apiCall automatically forwards ServiceAccount token to external endpoints (credential leak)
High | GHSA-8wfp-579w-6r25 was published for github.com/kyverno/kyverno (Go) Apr 16, 2026

Dgraph: Unauthenticated /debug/pprof/cmdline discloses admin auth token, enabling unauthorized access to protected Alpha admin endpoints
Critical | CVE-2026-40173 was published for github.com/dgraph-io/dgraph (Go) Apr 16, 2026

Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client...
Moderate | Unreviewed | CVE-2025-15621 was published Apr 16, 2026

Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate...
High | Unreviewed | CVE-2026-32171 was published Apr 14, 2026

A insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5...
Low | Unreviewed | CVE-2026-27316 was published Apr 14, 2026

A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0...
Moderate | Unreviewed | CVE-2026-22576 was published Apr 14, 2026

A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0...
Moderate | Unreviewed | CVE-2026-22574 was published Apr 14, 2026

Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer
Moderate | Unreviewed | CVE-2026-34262 was published Apr 14, 2026
ProTip! Advisories are also available from the GraphQL API.