Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,538
Maven
5,000+
npm
5,000+
NuGet
914
pip
4,790
Pub
13
RubyGems
1,037
Rust
1,232
Swift
53
Unreviewed advisories
All unreviewed
5,000+

1,017 advisories

Loading
Dell PowerProtect Data Domain appliances with Data Domain Operating System (DD OS) of Feature... High Unreviewed
CVE-2026-23775 was published Apr 17, 2026
Meridian: Multiple defense-in-depth gaps (collection/depth caps, telemetry, retry, fan-out) High
GHSA-f5v8-v6q3-q4h6 was published for Meridian.Mapping (NuGet) Apr 16, 2026
Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information... Moderate Unreviewed
CVE-2025-43937 was published Apr 16, 2026
Valtimo: Sensitive data exposure through inbox message logging in InboxHandlingService Moderate
CVE-2026-34164 was published for com.ritense.valtimo:inbox (Maven) Apr 16, 2026
Apache Airflow: JWT token appearing in logs Moderate
CVE-2026-31987 was published for apache-airflow (pip) Apr 16, 2026
LangSmith SDK: Streaming token events bypass output redaction Moderate
GHSA-rr7j-v2q5-chgv was published for langsmith (npm) Apr 16, 2026
Ryu7zz Credited to Ryu7zz
In Splunk MCP Server app versions below 1.0.3 , a user who holds a role with access to the Splunk... High Unreviewed
CVE-2026-20205 was published Apr 15, 2026
Oxia exposes bearer token in debug log messages on authentication failure High
GHSA-pm7q-rjjx-979p was published for github.com/oxia-db/oxia (Go) Apr 14, 2026
SpiceDB's SPICEDB_DATASTORE_CONN_URI is leaked on startup logs Moderate
CVE-2026-40091 was published for github.com/authzed/spicedb (Go) Apr 14, 2026
miparnisari Credited to miparnisari
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker... Moderate Unreviewed
CVE-2026-32217 was published Apr 14, 2026
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker... Moderate Unreviewed
CVE-2026-32218 was published Apr 14, 2026
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker... Moderate Unreviewed
CVE-2026-32215 was published Apr 14, 2026
A vulnerability exists in FlashBlade whereby sensitive information may be logged under specific... High Unreviewed
CVE-2026-0207 was published Apr 14, 2026
CWE-532 Insertion of Sensitive Information into Log File vulnerability exists that could cause ... Low Unreviewed
CVE-2026-2401 was published Apr 14, 2026
Apache Airflow: Secrets from Airflow config file logged in plain text in DAG run logs UI Moderate
CVE-2025-66236 was published for apache-airflow (pip) Apr 13, 2026
Apache Tomcat vulnerable to Insertion of Sensitive Information into Log File High
CVE-2026-34487 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Apr 9, 2026
Hydrosystem Control System saves sensitive information into a log file. Critically, user... Moderate Unreviewed
CVE-2026-4901 was published Apr 9, 2026
Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4... High Unreviewed
CVE-2026-28261 was published Apr 8, 2026
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information in log files that... High Unreviewed
CVE-2026-4788 was published Apr 8, 2026
kube-router: BGP Peer Passwords Exposed in Logs at Verbose Logging Level Moderate
GHSA-fcmh-qfxc-w685 was published for github.com/cloudnativelabs/kube-router/v2 (Go) Apr 8, 2026
offset Credited to offset
Apache Cassandra has sensitive Information Leak in cqlsh Moderate
CVE-2026-27315 was published for org.apache.cassandra:cassandra-all (Maven) Apr 7, 2026
FileZilla 3.40.0 contains a denial of service vulnerability in the local search functionality... Moderate Unreviewed
CVE-2019-25683 was published Apr 5, 2026
OpenClaw before 2026.3.13 contains an information disclosure vulnerability in the... High Unreviewed
CVE-2026-32982 was published Mar 31, 2026
Insertion of Sensitive Information into Log File vulnerability in the SCIM Driver module in... High Unreviewed
CVE-2024-11604 was published Mar 27, 2026
Harbor: LDAP password and OIDC secret are not redacted in the audit log Moderate
GHSA-prh4-vhfh-24mj was published for github.com/goharbor/harbor (Go) Mar 26, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database