Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

735 advisories

Loading
Steeltoe: TLS private keys written to /tmp with default permissions, never deleted Moderate
CVE-2026-50267 was published for Steeltoe.Configuration.Abstractions (NuGet) Jul 2, 2026
nebula-mesh's stores enrollment tokens unhashed in SQLite Moderate
GHSA-ghmh-jhmj-wcmf was published for github.com/juev/nebula-mesh (Go) Jun 22, 2026
ak2k Credited to ak2k
Grav: Admin Backup Zip File Exposes Account Credentials and Configuration Secrets Moderate
CVE-2026-55885 was published for getgrav/grav (Composer) Jun 18, 2026
nicl4ssic Credited to nicl4ssic
Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path High
CVE-2026-8596 was published for sagemaker (pip) May 21, 2026
Electerm's full process.env exposed to renderer via window.pre.env Moderate
CVE-2026-43942 was published for electerm (npm) May 8, 2026
osageling Credited to osageling
Flowise: Bcrypt Password Hash Exposure Moderate
CVE-2026-8026 was published for flowise (npm) May 6, 2026
Prometheus Azure AD remote write OAuth client secret exposed via config API High
CVE-2026-42151 was published for github.com/prometheus/prometheus (Go) May 5, 2026
brettgervasoni Credited to brettgervasoni
Cillium exposes sensitive information included in the cilium-bugtool debug archive High
CVE-2026-41520 was published for github.com/cilium/cilium (Go) Apr 25, 2026
tklauser Credited to tklauser and kodareef5 kodareef5 kodareef5
TYPO3 CMS Stores Cleartext Password in User Settings Module High
CVE-2026-6553 was published for typo3/cms-backend (Composer) Apr 24, 2026
mclewing Credited to mclewing, garvinhicking, and ohader garvinhicking garvinhicking
ohader ohader
Langflow: Cleartext Storage of Authentication Settings in Project Creation Endpoint Low
CVE-2026-6598 was published for langflow (pip) Apr 20, 2026
Flowise: Unauthenticated Information Disclosure of OAuth Secrets (Cleartext) via GET Request Moderate
CVE-2026-56270 was published for flowise (npm) Apr 16, 2026
berkdedekarginoglu Credited to berkdedekarginoglu
ProTip! Advisories are also available from the GraphQL API