GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
60 advisories
Sensitive server_token exposed via GET parameter in V2Board thru 1.7.4. In app/Http/Controllers...
Moderate | Unreviewed | CVE-2026-37504 was published May 1, 2026

Apache OpenMeetings Uses GET Request Method With Sensitive Query Strings
High | CVE-2026-34020 was published for org.apache.openmeetings:openmeetings-parent (Maven) Apr 9, 2026

Nhost Leaks Refresh Tokens via URL Query Parameter in OAuth Provider Callback
Low | CVE-2026-34969 was published for github.com/nhost/nhost (Go) Apr 1, 2026

openssl-encrypt accepts refresh tokens as URL query parameters causing token leakage
Moderate | GHSA-4rh7-jwg9-m28m was published for openssl-encrypt (pip) Apr 1, 2026

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain...
Low | Unreviewed | CVE-2025-14808 was published Mar 25, 2026

PinchTab: API Bearer Token Exposed in URL Query Parameter via Server Logs and Intermediary Systems
Moderate | CVE-2026-33620 was published for github.com/pinchtab/pinchtab (Go) Mar 24, 2026

An attacker can extract user email addresses (PII) exposed in base64 encoding via the state...
Moderate | Unreviewed | CVE-2026-31381 was published Mar 20, 2026

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could...
Low | Unreviewed | CVE-2025-14811 was published Mar 13, 2026

IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This...
Moderate | Unreviewed | CVE-2025-13219 was published Mar 10, 2026

An unauthenticated remote attacker can obtain valid session tokens because they are exposed in...
High | Unreviewed | CVE-2025-41772 was published Mar 9, 2026

Gogs: Access tokens get exposed through URL params in API requests
Moderate | CVE-2026-26196 was published for gogs.io/gogs (Go) Mar 5, 2026

An information exposure vulnerability exists in Vulnerability in HCL Software ZIE for Web. The...
Moderate | Unreviewed | CVE-2025-59873 was published Feb 23, 2026

An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote...
High | Unreviewed | CVE-2026-26721 was published Feb 20, 2026

Certain requests pass the authentication token in the URL as string query parameter, making it...
Moderate | Unreviewed | CVE-2026-22644 was published Jan 15, 2026

Information Exposure Through Query Strings in GET Request vulnerability in Broadcom DX NetOps...
Low | Unreviewed | CVE-2025-69270 was published Jan 12, 2026

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 are impacted by obtaining an information vulnerability in the...
Moderate | Unreviewed | CVE-2025-36371 was published Nov 19, 2025

HCL iAutomate v6.5.1 and v6.5.2 is susceptible to a sensitive information disclosure. An HTTP...
Moderate | Unreviewed | CVE-2025-31954 was published Nov 5, 2025

Potential use of sensitive information in GET requests in Checkmk GmbH's Checkmk versions <2.4...
Low | Unreviewed | CVE-2025-32916 was published Oct 9, 2025

In the HTTP request, the username and password are transferred directly in the URL as parameters....
Moderate | Unreviewed | CVE-2025-58584 was published Oct 6, 2025

An issue in DirectAdmin v1.680 allows unauthorized attackers to manipulate the page layout and...
High | Unreviewed | CVE-2025-56551 was published Oct 3, 2025

An issue in Perplexity AI GPT-4 allows a remote attacker to obtain sensitive information via a...
Moderate | Unreviewed | CVE-2025-50709 was published Sep 17, 2025

QuickCMS sends password and login via GET Request. This allows a local attacker with access to...
Moderate | Unreviewed | CVE-2025-54542 was published Aug 28, 2025

An Information Exposure vulnerability has been identified in OpenText Enterprise Security Manager...
Moderate | Unreviewed | CVE-2025-8997 was published Aug 25, 2025

An authenticated arbitrary file download vulnerability in the component /admin/Backups.php of...
Moderate | Unreviewed | CVE-2025-51651 was published Jul 14, 2025

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 ...
Moderate | Unreviewed | CVE-2025-40742 was published Jul 8, 2025
ProTip! Advisories are also available from the GraphQL API