Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
40
Go
2,974
Maven
5,000+
npm
4,621
NuGet
788
pip
4,317
Pub
12
RubyGems
984
Rust
1,131
Swift
49
Unreviewed advisories
All unreviewed
5,000+

964 advisories

Loading
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26... Low Unreviewed
CVE-2026-20646 was published Feb 12, 2026
The issue was resolved by sanitizing logging. This issue is fixed in iOS 26.3 and iPadOS 26.3,... Low Unreviewed
CVE-2026-20663 was published Feb 12, 2026
The vulnerability, if exploited, could allow an attacker with Event Log Reader (S-1-5-32-573)... Moderate Unreviewed
CVE-2026-1495 was published Feb 10, 2026
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker... Moderate Unreviewed
CVE-2026-21222 was published Feb 10, 2026
AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server... High Unreviewed
CVE-2025-11547 was published Feb 10, 2026
unity-cli Exposes Plaintext Credentials in Debug Logs (sign-package command) Moderate
CVE-2026-25918 was published for @rage-against-the-pixel/unity-cli (npm) Feb 10, 2026
In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs Moderate Unreviewed
CVE-2026-25846 was published Feb 9, 2026
Tanium addressed an information disclosure vulnerability in Threat Response. Moderate Unreviewed
CVE-2025-15332 was published Feb 5, 2026
Neo4j Enterprise and Community vulnerable to a potential information disclosure Moderate
CVE-2026-1622 was published for org.neo4j:neo4j (Maven) Feb 4, 2026
RustFS Logs Sensitive Credentials in Plaintext Moderate
CVE-2026-24762 was published for rustfs (Rust) Feb 3, 2026
cchheang
Credited to cchheang
Apache Airflow proxy credentials for various providers might leak in task logs High
CVE-2025-68675 was published for apache-airflow (pip) Jan 16, 2026
vLLM has RCE In Video Processing Critical
CVE-2026-22778 was published for vllm (pip) Feb 2, 2026
dan-sec-ops DarkLight1337
russellb
Credited to dan-sec-ops, DarkLight1337, and russellb
In Secure Access 12.70 and prior to 14.20, the logging subsystem may write an unredacted... Moderate Unreviewed
CVE-2026-0519 was published Jan 17, 2026
Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to... High Unreviewed
CVE-2025-6391 was published Jul 18, 2025
Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to... Low Unreviewed
CVE-2025-13743 was published Dec 9, 2025
Llama Stack exposes secret in initialization log Low
CVE-2026-25211 was published for llama-stack (pip) Jan 30, 2026
An Insertion of Sensitive Information into Log File vulnerability in B&R PVI client versions... Moderate Unreviewed
CVE-2026-0936 was published Jan 29, 2026
When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled... Moderate Unreviewed
CVE-2025-58189 was published Oct 30, 2025
Apache Linkis: Password Exposure Moderate
CVE-2025-59355 was published for org.apache.linkis:linkis-metadata (Maven) Jan 19, 2026
IBM Aspera Console 3.4.7 stores potentially sensitive information in log files that could be read... Moderate Unreviewed
CVE-2025-13925 was published Jan 20, 2026
RustFS's RPC signature verification logs shared secret Low
CVE-2026-22782 was published for rustfs (Rust) Jan 16, 2026
rand-tech
Credited to rand-tech
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26... Moderate Unreviewed
CVE-2025-43508 was published Jan 16, 2026
Pimcore ENV Variables and Cookie Informations are exposed in http_error_log High
CVE-2026-23493 was published for pimcore/pimcore (Composer) Jan 15, 2026
putzflorian
Credited to putzflorian
hermes's raw options logging may disclose secrets passed in via subcommand options argument Moderate
CVE-2026-22798 was published for hermes (pip) Jan 13, 2026
thunze sdruskat
zyzzyxdonta
Credited to thunze, sdruskat, and zyzzyxdonta
Insertion of sensitive information into log file in Windows Kernel allows an unauthorized... Moderate Unreviewed
CVE-2026-20818 was published Jan 13, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database