Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,549
Maven
5,000+
npm
5,000+
NuGet
917
pip
4,798
Pub
13
RubyGems
1,038
Rust
1,237
Swift
53
Unreviewed advisories
All unreviewed
5,000+

620 advisories

Loading
Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information... Moderate Unreviewed
CVE-2025-43937 was published Apr 16, 2026
Valtimo: Sensitive data exposure through inbox message logging in InboxHandlingService Moderate
CVE-2026-34164 was published for com.ritense.valtimo:inbox (Maven) Apr 16, 2026
Apache Airflow: JWT token appearing in logs Moderate
CVE-2026-31987 was published for apache-airflow (pip) Apr 16, 2026
LangSmith SDK: Streaming token events bypass output redaction Moderate
GHSA-rr7j-v2q5-chgv was published for langsmith (npm) Apr 16, 2026
Ryu7zz Credited to Ryu7zz
SpiceDB's SPICEDB_DATASTORE_CONN_URI is leaked on startup logs Moderate
CVE-2026-40091 was published for github.com/authzed/spicedb (Go) Apr 14, 2026
miparnisari Credited to miparnisari
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker... Moderate Unreviewed
CVE-2026-32217 was published Apr 14, 2026
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker... Moderate Unreviewed
CVE-2026-32218 was published Apr 14, 2026
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker... Moderate Unreviewed
CVE-2026-32215 was published Apr 14, 2026
Apache Airflow: Secrets from Airflow config file logged in plain text in DAG run logs UI Moderate
CVE-2025-66236 was published for apache-airflow (pip) Apr 13, 2026
Hydrosystem Control System saves sensitive information into a log file. Critically, user... Moderate Unreviewed
CVE-2026-4901 was published Apr 9, 2026
kube-router: BGP Peer Passwords Exposed in Logs at Verbose Logging Level Moderate
GHSA-fcmh-qfxc-w685 was published for github.com/cloudnativelabs/kube-router/v2 (Go) Apr 8, 2026
offset Credited to offset
Apache Cassandra has sensitive Information Leak in cqlsh Moderate
CVE-2026-27315 was published for org.apache.cassandra:cassandra-all (Maven) Apr 7, 2026
FileZilla 3.40.0 contains a denial of service vulnerability in the local search functionality... Moderate Unreviewed
CVE-2019-25683 was published Apr 5, 2026
Harbor: LDAP password and OIDC secret are not redacted in the audit log Moderate
GHSA-prh4-vhfh-24mj was published for github.com/goharbor/harbor (Go) Mar 26, 2026
IBM Knowledge Catalog Standard Cartridge 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1, 5.1.1, 5,1.2, 5.1.3, 5... Moderate Unreviewed
CVE-2025-36187 was published Mar 26, 2026
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.7 and... Moderate Unreviewed
CVE-2026-28868 was published Mar 25, 2026
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.7 and... Moderate Unreviewed
CVE-2026-20668 was published Mar 25, 2026
OpenClaw Telegram media fetch errors exposed bot tokens in logged file URLs Moderate
GHSA-xwcj-hwhf-h378 was published for openclaw (npm) Mar 16, 2026
space08 Credited to space08
OpenClaw: Pairing setup codes exposed long-lived shared gateway credentials instead of short-lived bootstrap tokens Moderate
GHSA-7h7g-x2px-94hj was published for openclaw (npm) Mar 13, 2026
lintsinghua Credited to lintsinghua and woreksami woreksami woreksami
OneUptime: Password Reset Token Logged at INFO Level Moderate
CVE-2026-32598 was published for oneuptime (npm) Mar 13, 2026
n0rv-TvT Credited to n0rv-TvT
OliveTin's email argument makes compliance harder, enables log injection Moderate
GHSA-xx6g-43w2-9g6g was published for github.com/OliveTin/OliveTin (Go) Mar 12, 2026
fg0x0 Credited to fg0x0
In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform... Moderate Unreviewed
CVE-2026-20165 was published Mar 11, 2026
An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered... Moderate Unreviewed
CVE-2025-70040 was published Mar 9, 2026
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to writing of sensitive... Moderate Unreviewed
CVE-2026-1265 was published Mar 3, 2026
Rancher Backup Operator pod's logs leak S3 tokens Moderate
CVE-2025-62879 was published for github.com/rancher/backup-restore-operator (Go) Mar 3, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database