GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
169 advisories
Filter by severity
Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android...
High
Unreviewed
CVE-2026-58297
was published
Jul 3, 2026
Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android...
High
Unreviewed
CVE-2026-58296
was published
Jul 3, 2026
Hi.Events through 1.9.0 public check-in list endpoints use short_id as sole access control,...
High
Unreviewed
CVE-2026-57960
was published
Jun 29, 2026
phpUploader before 2.0.2 contains an unauthenticated information disclosure vulnerability that...
High
Unreviewed
CVE-2026-56124
was published
Jun 29, 2026
A flaw in Node.js proxy tunnel error handling could expose proxy credentials in `ERR_PROXY_TUNNEL...
Moderate
Unreviewed
CVE-2026-48615
was published
Jun 26, 2026
Joomla! Component JoomProject 1.1.3.2 contains an information disclosure vulnerability that...
High
Unreviewed
CVE-2019-25762
was published
Jun 19, 2026
@angular/service-worker: Sensitive Header Leakage on Cross-Origin Redirects in Angular Service Worker
High
CVE-2026-54264
was published
for
@angular/service-worker
(npm)
Jun 15, 2026
A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS...
Moderate
Unreviewed
CVE-2025-30459
was published
Jun 11, 2026
A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers...
High
Unreviewed
CVE-2026-26237
was published
Jun 10, 2026
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer....
Moderate
Unreviewed
CVE-2026-25699
was published
Jun 9, 2026
HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to...
Moderate
Unreviewed
CVE-2020-25900
was published
Jun 5, 2026
XWiki Platform's Livetable results still allow reconstructing password hashes using 768 requests
High
CVE-2026-48048
was published
for
org.xwiki.platform:xwiki-platform-livetable-ui
(Maven)
May 26, 2026
Exposure of private personal information to an unauthorized actor, Insufficiently Protected...
High
Unreviewed
CVE-2025-13477
was published
May 21, 2026
phpMyFAQ: Missing Password Reset Token Allows Account Takeover via Username/Email Enumeration
High
CVE-2026-35675
was published
for
phpmyfaq/phpmyfaq
(Composer)
May 20, 2026
A privacy issue was addressed by removing the vulnerable code. This issue is fixed in iOS 26.5...
Moderate
Unreviewed
CVE-2026-28963
was published
May 11, 2026
This issue was addressed through improved state management. This issue is fixed in iOS 18.7.9 and...
High
Unreviewed
CVE-2026-28906
was published
May 11, 2026
The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0....
Moderate
Unreviewed
CVE-2025-66171
was published
May 8, 2026
The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0....
Moderate
Unreviewed
CVE-2025-66172
was published
May 8, 2026
Ech0 comment model's Email field returned on public /api/comments endpoints
Moderate
GHSA-rj4g-rqgh-rx9h
was published
for
github.com/lin-snow/Ech0
(Go)
May 7, 2026
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.8 and...
Moderate
Unreviewed
CVE-2026-28950
was published
Apr 22, 2026
Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox...
Moderate
Unreviewed
CVE-2026-6765
was published
Apr 21, 2026
Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System...
Critical
Unreviewed
CVE-2025-15623
was published
Apr 17, 2026
LangSmith SDK: Streaming token events bypass output redaction
Moderate
CVE-2026-41182
was published
for
langsmith
(npm)
Apr 16, 2026
Keycloak: Information disclosure of disabled user attributes via administrative endpoint
Low
CVE-2026-3911
was published
for
org.keycloak:keycloak-services
(Maven)
Mar 11, 2026
Under specific conditions, a malicious webpage may trigger autofill population after two...
Low
Unreviewed
CVE-2026-0102
was published
Feb 17, 2026
ProTip!
Advisories are also available from the
GraphQL API