GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
492 advisories
Meta Ads MCP: Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token
Critical | CVE-2026-48039 was published for meta-ads-mcp (pip) Jun 11, 2026
Several Spring WS integration paths with Spring Security could surface detailed account state ...
Moderate | Unreviewed | CVE-2026-40997 was published Jun 11, 2026
Spring Data REST serializes the full exception cause chain into HTTP error response bodies,...
Moderate | Unreviewed | CVE-2026-41730 was published Jun 10, 2026
Omni: Operator can traverse image-factory API paths via unsanitized `talos_version` in CreateSchematic
Low | CVE-2026-45723 was published for github.com/siderolabs/omni (Go) Jun 5, 2026
HCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace Disclosure vulnerability....
Low | Unreviewed | CVE-2025-52611 was published Jun 4, 2026
HCL iControl was affected by Weak Input Validation vulnerability. This weakness is caused during...
Moderate | Unreviewed | CVE-2025-52606 was published Jun 4, 2026
Parse Server's GraphQL "Did you mean ...?" validation suggestions disclose schema to unauthenticated callers
Moderate | CVE-2026-47248 was published for parse-server (npm) May 29, 2026
A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability...
Moderate | Unreviewed | CVE-2026-9794 was published May 28, 2026
IBM Business Automation Workflow containers and traditional may leak information about its...
Moderate | Unreviewed | CVE-2026-1248 was published May 27, 2026
IBM SDI 7.2.0.0 through 7.2.0.14 and IBM Security Directory Integrator 10.0.0.0 through 10.0.0.2...
Moderate | Unreviewed | CVE-2024-28765 was published May 27, 2026
In the web management interface of Archer AX72 (SG) v1, the network diagnostic feature improperly...
Moderate | Unreviewed | CVE-2026-5511 was published May 19, 2026
Algernon: Single-file mode unconditionally enables debug mode
High | CVE-2026-45728 was published for github.com/xyproto/algernon (Go) May 19, 2026
Vaadin Build Plugins is Affected by a Possible Information Disclosure Vulnerability
Low | CVE-2026-7860 was published for com.vaadin:flow-gradle-plugin (Maven) May 19, 2026
Vvveb before 1.0.8.3 contains an uncontrolled recursion vulnerability in the admin controller...
High | Unreviewed | CVE-2026-41935 was published May 14, 2026
vm2 is Vulnerable to Host File Path Disclosure via Stack Trace Information Leak
Moderate | CVE-2026-44002 was published for vm2 (npm) May 7, 2026
Free5GC UDM has Improper Input Validation and Generation of Error Messages Containing Sensitive Information
High | CVE-2026-42459 was published for github.com/free5gc/udm (Go) May 7, 2026
Flight vulnerable to sensitive information disclosure via default error handler
High | CVE-2026-42552 was published for flightphp/core (Composer) May 6, 2026
HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error...
Moderate | Unreviewed | CVE-2025-31960 was published May 6, 2026
PyLoad vulnerable to unauthenticated traceback disclosure via global exception handler in WebUI
Moderate | CVE-2026-44226 was published for pyload-ng (pip) May 6, 2026
HCL DFXAnalytics is affected by an Improper Error Handling vulnerability where the application...
Low | Unreviewed | CVE-2025-59853 was published May 6, 2026
AVideo: Unauthenticated Disclosure of CloneSite `myKey` via Error Echo in `cloneClient.json.php` Enables Cross-Site DB Dump of the Configured Clone Server
High | CVE-2026-43873 was published for wwbn/avideo (Composer) May 5, 2026
Spring gRPC AuthenticationException messages are reflected to remote client
Low | CVE-2026-40969 was published for org.springframework.grpc:spring-grpc (Maven) Apr 28, 2026
A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized...
High | Unreviewed | CVE-2026-3259 was published Apr 23, 2026
monetr: Server-side request forgery in Lunch Flow link creation and refresh
High | CVE-2026-41644 was published for github.com/monetr/monetr (Go) Apr 22, 2026
Meridian: Multiple defense-in-depth gaps (collection/depth caps, telemetry, retry, fan-out)
High | GHSA-f5v8-v6q3-q4h6 was published for Meridian.Mapping (NuGet) Apr 16, 2026
ProTip! Advisories are also available from the GraphQL API.