Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,630
Maven
5,000+
npm
5,000+
NuGet
928
pip
4,850
Pub
13
RubyGems
1,045
Rust
1,301
Swift
53
Unreviewed advisories
All unreviewed
5,000+

1,304 advisories

Loading
The My Social Feeds – Social Feeds Embedder plugin for WordPress is vulnerable to Sensitive... Moderate Unreviewed
CVE-2026-6446 was published May 2, 2026
Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected... High Unreviewed
CVE-2026-35155 was published Apr 29, 2026
A weakness has been identified in tufantunc ssh-mcp up to 1.5.0. Impacted is an unknown function... Low Unreviewed
CVE-2026-7038 was published Apr 26, 2026
OpenClaw: Workspace dotenv MiniMax host override could redirect credentialed requests Moderate
GHSA-h2vw-ph2c-jvwf was published for openclaw (npm) Apr 25, 2026
nexrin Credited to nexrin
A vulnerability exists in SenseLive X3050’s web management interface in which password updates... Critical Unreviewed
CVE-2026-39462 was published Apr 24, 2026
OpenClaw before 2026.3.31 contains a credential exposure vulnerability in media download... Moderate Unreviewed
CVE-2026-41345 was published Apr 24, 2026
Tanium addressed an information disclosure vulnerability in Tanium Server. Low Unreviewed
CVE-2026-6408 was published Apr 22, 2026
go-git: Credential leak via cross-host redirect in smart HTTP transport Moderate
CVE-2026-41506 was published for github.com/go-git/go-git/v5 (Go) Apr 17, 2026
N0zoM1z0 Credited to N0zoM1z0, AyushParkara, and celinke97 AyushParkara AyushParkara
celinke97 celinke97
Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7.1.0 through 8.5,... High Unreviewed
CVE-2025-36568 was published Apr 17, 2026
Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise... Moderate Unreviewed
CVE-2025-15622 was published Apr 17, 2026
Flowise: Sensitive Data Leak in public-chatbotConfig High
CVE-2026-41266 was published for flowise (npm) Apr 16, 2026
DenizParlak Credited to DenizParlak
Kyverno apiCall automatically forwards ServiceAccount token to external endpoints (credential leak) High
GHSA-8wfp-579w-6r25 was published for github.com/kyverno/kyverno (Go) Apr 16, 2026
scumfrog Credited to scumfrog
Dgraph: Unauthenticated /debug/pprof/cmdline discloses admin auth token, enabling unauthorized access to protected Alpha admin endpoints Critical
CVE-2026-40173 was published for github.com/dgraph-io/dgraph (Go) Apr 16, 2026
komi22 Credited to komi22
Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client... Moderate Unreviewed
CVE-2025-15621 was published Apr 16, 2026
Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate... High Unreviewed
CVE-2026-32171 was published Apr 14, 2026
A insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5... Low Unreviewed
CVE-2026-27316 was published Apr 14, 2026
Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer Moderate Unreviewed
CVE-2026-34262 was published Apr 14, 2026
OpenClaw: Media download follows cross-origin redirects with Authorization headers intact Moderate
GHSA-68v4-hmwv-f43h was published for openclaw (npm) Apr 3, 2026
AntAISecurityLab Credited to AntAISecurityLab
The stored API keys in temporary browser client is not marked as protected allowing for JavScript... High Unreviewed
CVE-2026-35467 was published Apr 2, 2026
In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user... Moderate Unreviewed
CVE-2026-4819 was published Mar 31, 2026
FHIR Validator HTTP service has SSRF via /loadIG Chains with startsWith() Credential Leak for Authentication Token Theft Critical
CVE-2026-34361 was published for ca.uhn.hapi.fhir:org.hl7.fhir.validation (Maven) Mar 30, 2026
offset Credited to offset
OpenClaw before 2026.3.12 embeds long-lived shared gateway credentials directly in pairing setup... High Unreviewed
CVE-2026-33575 was published Mar 29, 2026
Wazuh version 4.12.0 contains an exposure vulnerability in GitHub Actions workflow artifacts that... High Unreviewed
CVE-2025-15617 was published Mar 27, 2026
Cache misconfiguration vulnerability in OpenText Identity Manager on Windows, Linux allows remote... High Unreviewed
CVE-2025-13478 was published Mar 27, 2026
OpenClaw Exposes Credentials Embedded in baseUrl Fields via config.get and channels.status Moderate
GHSA-ppwq-6v66-5m6j was published for openclaw (npm) Mar 26, 2026
zpbrent Credited to zpbrent
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database