Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,538
Maven
5,000+
npm
5,000+
NuGet
914
pip
4,790
Pub
13
RubyGems
1,037
Rust
1,232
Swift
53
Unreviewed advisories
All unreviewed
5,000+

13 advisories

Loading
Dgraph: Unauthenticated /debug/pprof/cmdline discloses admin auth token, enabling unauthorized access to protected Alpha admin endpoints Critical
CVE-2026-40173 was published for github.com/dgraph-io/dgraph (Go) Apr 16, 2026
komi22 Credited to komi22
NATS credentials are exposed in monitoring port via command-line argv High
CVE-2026-33247 was published for github.com/nats-io/nats-server/v2 (Go) Mar 24, 2026
The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote... High Unreviewed
CVE-2026-2250 was published Feb 11, 2026
Insertion of Sensitive Information Into Debugging Code vulnerability in Klarna Klarna Order... Moderate Unreviewed
CVE-2025-58598 was published Sep 3, 2025
The Contec Co.,Ltd. CONPROSYS HMI System (CHS) exposes a PHP phpinfo() debug page to... Moderate Unreviewed
CVE-2025-34081 was published Jul 1, 2025
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330... High Unreviewed
CVE-2025-27684 was published Mar 5, 2025
IBM Cognos Analytics Mobile 1.1 for Android could allow a user with physical access to the device... Low Unreviewed
CVE-2025-0895 was published Mar 2, 2025
GitHub PAT written to debug artifacts High
CVE-2025-24362 was published for github/codeql-action (GitHub Actions) Jan 24, 2025
jstawinski Credited to jstawinski
Insertion of Sensitive Information Into Debugging Code vulnerability in Importify Importify ... Moderate Unreviewed
CVE-2023-49194 was published Dec 9, 2024
An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023... Critical Unreviewed
CVE-2024-7569 was published Aug 13, 2024
cdo-local-uuid vulnerable to insertion of artifact derived from developer's Present Working Directory into demonstration code Low
CVE-2024-22194 was published for case-utils (pip) Jan 11, 2024
ajnelson-nist Credited to ajnelson-nist and kchason kchason kchason
Kubernetes ingress exposes sensitive information Moderate
CVE-2018-1002104 was published for k8s.io/ingress-nginx (Go) May 24, 2022
Insertion of Sensitive Information Into Debugging Code in Microweber High
CVE-2022-0721 was published for microweber/microweber (Composer) Feb 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database