Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
46
Go
3,270
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,517
Pub
12
RubyGems
998
Rust
1,194
Swift
51
Unreviewed advisories
All unreviewed
5,000+

454 advisories

Loading
free5GC UDM incorrectly returns 500 for empty supi path parameter in PATCH sdm-subscriptions reques High
CVE-2026-33192 was published for github.com/free5gc/udm (Go) Mar 18, 2026
free5GC UDM incorrectly returns 500 for empty supi path parameter in DELETE sdm-subscriptions request Moderate
CVE-2026-33065 was published for github.com/free5gc/udm (Go) Mar 18, 2026
A vulnerability was found in Nway Pro 9. It has been rated as problematic. Affected by this issue... Moderate Unreviewed
CVE-2024-2009 was published Feb 29, 2024
loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the... Moderate Unreviewed
CVE-2025-47813 was published Jul 10, 2025
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.6,... Moderate Unreviewed
CVE-2023-5617 was published Feb 29, 2024
Apache Superset: Improper error handling on alerts Moderate
CVE-2024-27315 was published for apache-superset (pip) Feb 28, 2024
oscerd Credited to oscerd
IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could... Moderate Unreviewed
CVE-2025-13726 was published Mar 13, 2026
ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure... Moderate Unreviewed
CVE-2026-22052 was published Mar 5, 2026
Navtor NavBox allows information disclosure via the /api/ais-data endpoint. A remote,... Moderate Unreviewed
CVE-2026-2752 was published Mar 6, 2026
parse-server: Malformed `$regex` query leaks database error details in API response Moderate
CVE-2026-30835 was published for parse-server (npm) Mar 6, 2026
fancymalware Credited to fancymalware and mtrezza mtrezza mtrezza
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Detailed... Moderate Unreviewed
CVE-2025-66594 was published Feb 9, 2026
A vulnerability in update-reports-purge-settings.sh script logging for Brocade SANnav before 2.4... High Unreviewed
CVE-2025-12773 was published Feb 3, 2026
Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could... Moderate Unreviewed
CVE-2026-23598 was published Feb 17, 2026
Curio exposes database credentials to users with network access through verbose HTTP error responses High
GHSA-gj6x-q8rh-wj6x was published for github.com/filecoin-project/curio (Go) Feb 26, 2026
Apache Airflow error reporting may expose full kwargs Moderate
CVE-2025-65995 was published for apache-airflow (pip) Feb 21, 2026
OpenClaw session tool visibility hardening and Telegram webhook secret fallback Moderate
CVE-2026-27004 was published for openclaw (npm) Feb 18, 2026
aether-ai-agent Credited to aether-ai-agent
Libredesk has a SSRF Vulnerability in Webhooks Moderate
CVE-2026-26957 was published for github.com/abhinavxd/libredesk (Go) Feb 18, 2026
PlayerIUnknown Credited to PlayerIUnknown
IBM Sterling B2B Integrator versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5, and 6.2... Moderate Unreviewed
CVE-2025-36348 was published Feb 18, 2026
A generation of error message containing sensitive information vulnerability has been reported to... High Unreviewed
CVE-2025-62840 was published Jan 2, 2026
IBM Cloud Pak System displays sensitive information in user messages that could aid in further... Moderate Unreviewed
CVE-2023-38010 was published Feb 4, 2026
IBM Cloud Pak System is vulnerable to cross-site scripting. This vulnerability allows users to... Moderate Unreviewed
CVE-2023-38017 was published Feb 4, 2026
IBM Cloud Pak System does not set the secure attribute on authorization tokens or session cookies... Moderate Unreviewed
CVE-2023-38281 was published Feb 4, 2026
Generation of Error Message Containing Sensitive Information vulnerability in Codriapp Innovation... High Unreviewed
CVE-2025-1395 was published Jan 30, 2026
A vulnerability in the PHP backend of gemsloyalty.aptsys.com.sg thru 2025-05-28 allows... Moderate Unreviewed
CVE-2025-52022 was published Jan 23, 2026
A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows... Moderate Unreviewed
CVE-2025-52023 was published Jan 23, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database