Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
40
Go
2,974
Maven
5,000+
npm
4,621
NuGet
788
pip
4,317
Pub
12
RubyGems
984
Rust
1,131
Swift
49
Unreviewed advisories
All unreviewed
5,000+

1,913 advisories

Loading
A privacy issue was addressed with improved checks. This issue is fixed in watchOS 26.3, tvOS 26... High Unreviewed
CVE-2026-20641 was published Feb 12, 2026
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26.3... High Unreviewed
CVE-2026-20606 was published Feb 12, 2026
An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted... High Unreviewed
CVE-2024-26477 was published Feb 11, 2026
Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an... High Unreviewed
CVE-2026-21260 was published Feb 10, 2026
The Ninja Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all... High Unreviewed
CVE-2026-2268 was published Feb 10, 2026
MCP-Salesforce's arbitrary attribute access leads to disclosure of Salesforce auth token High
CVE-2026-25650 was published for mcp-salesforce-connector (pip) Feb 6, 2026
Azure Function Information Disclosure Vulnerability High Unreviewed
CVE-2026-21532 was published Feb 6, 2026
n8n's Unsafe Buffer Allocation Allows In-Process Memory Disclosure in Task Runner High
CVE-2025-61917 was published for n8n (npm) Feb 4, 2026
Decidim's private data exports can lead to data leaks High
CVE-2025-65017 was published for decidim (RubyGems) Feb 3, 2026
ahukkanen
Credited to ahukkanen
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AKCE Software... High Unreviewed
CVE-2025-8590 was published Feb 3, 2026
An issue in continuous.software aangine v.2025.2 allows a remote attacker to obtain sensitive... High Unreviewed
CVE-2025-67274 was published Jan 26, 2026
An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the... High Unreviewed
CVE-2025-52026 was published Jan 23, 2026
Exposure of sensitive information to an unauthorized actor in Azure Data Explorer allows an... High Unreviewed
CVE-2026-21524 was published Jan 23, 2026
An issue in Atomberg Atomberg Erica Smart Fan Firmware Version: V1.0.36 allows an attacker to... High Unreviewed
CVE-2025-69822 was published Jan 22, 2026
Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: User and User... High Unreviewed
CVE-2026-21940 was published Jan 21, 2026
An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personal_data endpoint... High Unreviewed
CVE-2025-69581 was published Jan 16, 2026
Apache Airflow secrets in rendered templates could contain parts of sensitive values when truncated High
CVE-2025-68438 was published for apache-airflow (pip) Jan 16, 2026
KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 mishandle configuration management. Once any... High Unreviewed
CVE-2025-68719 was published Jan 8, 2026
Shakapacker has environment variable leak via EnvironmentPlugin that exposes secrets to client-side bundles High
GHSA-96qw-h329-v5rg was published for shakapacker (RubyGems) Jan 8, 2026
The MoneySpace plugin for WordPress is vulnerable to Sensitive Information Exposure in all... High Unreviewed
CVE-2025-13371 was published Jan 7, 2026
A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800... High Unreviewed
CVE-2025-20336 was published Jan 5, 2026
DVP-12SE11T - Authentication Bypass via Partial Password Disclosure High Unreviewed
CVE-2025-15103 was published Dec 30, 2025
Exposure of Sensitive Information to an Unauthorized Actor, Missing Encryption of Sensitive Data,... High Unreviewed
CVE-2025-15065 was published Dec 29, 2025
Senstar Symphony FetchStoredLicense Information Disclosure Vulnerability. This vulnerability... High Unreviewed
CVE-2025-12491 was published Dec 24, 2025
Insecure permissions in the /api/v1/agents API of GT Edge AI Platform before v2.0.10-dev allows... High Unreviewed
CVE-2025-63662 was published Dec 22, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database