Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,615
Maven
5,000+
npm
4,255
NuGet
760
pip
4,036
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

914 advisories

Loading
A problem with the Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack can result in... Low Unreviewed
CVE-2025-4234 was published Sep 12, 2025
Dell PowerProtect Data Manager, Hyper-V, version(s) 19.19 and 19.20, contain(s) an Insertion of... High Unreviewed
CVE-2025-43888 was published Sep 10, 2025
Insertion of Sensitive Information into Log File (CWE-532) in the ARP Agent component in... Moderate Unreviewed
CVE-2025-10221 was published Sep 10, 2025
secrets-store-sync-controller discloses service account tokens in logs Moderate
CVE-2025-7445 was published for sigs.k8s.io/secrets-store-sync-controller (Go) Sep 5, 2025
NVIDIA Cumulus Linux and NVOS products contain a vulnerability, where hashed user passwords are... Moderate Unreviewed
CVE-2025-23261 was published Sep 5, 2025
Contrast leaks workload secrets to logs on INFO level High
GHSA-vxg3-w9rv-rhr2 was published for github.com/edgelesssys/contrast (Go) Aug 28, 2025
katexochen
Credited to katexochen
traQ Allows Insertion of Sensitive Information into Log File Moderate
CVE-2025-57813 was published for github.com/traPtitech/traQ (Go) Aug 26, 2025
ras0q
Credited to ras0q
On affected platforms running Arista EOS, the global common encryption key configuration may be... Low Unreviewed
CVE-2025-3456 was published Aug 26, 2025
Template Secret leakage in logs in Scaffolder when using `fetch:template` Low
CVE-2025-55285 was published for @backstage/plugin-scaffolder-backend (npm) Aug 15, 2025
cai0duque
Credited to cai0duque
Dell OpenManage Enterprise, versions 3.10, 4.0, 4.1, and 4.2, contains an Insertion of Sensitive... Moderate Unreviewed
CVE-2025-38745 was published Aug 14, 2025
Insertion of sensitive information into log file for some Intel(R) Local Manageability Service... Moderate Unreviewed
CVE-2025-24520 was published Aug 12, 2025
The SAP NetWeaver Application Server ABAP and ABAP Platform Internet Communication Manager (ICM)... Moderate Unreviewed
CVE-2025-42935 was published Aug 12, 2025
Shared Access Signature token is not masked in the backup configuration response and is also... Moderate Unreviewed
CVE-2025-8864 was published Aug 11, 2025
An issue was discovered in BMC Control-M 9.0.21.300. When Control-M Server has a database... Critical Unreviewed
CVE-2025-48709 was published Aug 7, 2025
NVIDIA Omniverse Launcher for Windows and Linux contains a vulnerability in the launcher logs,... Moderate Unreviewed
CVE-2025-23289 was published Jul 31, 2025
A Insertion of Sensitive Information into Log File vulnerability in SUSE Multi Linux Manager... Moderate Unreviewed
CVE-2025-46809 was published Jul 31, 2025
Dell XtremIO, version(s) 6.4.0-22, contain(s) an Insertion of Sensitive Information into Log File... High Unreviewed
CVE-2025-30105 was published Jul 30, 2025
TechAdvisor versions 2.6 through 3.37-30 for Dell XtremIO X2, contain(s) an Insertion of... High Unreviewed
CVE-2025-26332 was published Jul 30, 2025
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia... Moderate Unreviewed
CVE-2025-43225 was published Jul 30, 2025
"SwitchBot" App for iOS/Android contains an insertion of sensitive information into log file... Moderate Unreviewed
CVE-2025-53649 was published Jul 29, 2025
A potential security vulnerability has been identified in the Poly Clariti Manager for versions... Moderate Unreviewed
CVE-2025-43485 was published Jul 23, 2025
Okta On-Premises Provisioning (OPP) agents log certain user data during administrator-initiated... Moderate Unreviewed
CVE-2025-7371 was published Jul 22, 2025
Insertion of sensitive information into log file issue exists in "region PAY" App for Android... Low Unreviewed
CVE-2025-52580 was published Jul 22, 2025
RageAgainstThePixel/setup-steamcmd leaked authentication token in job output logs High
GHSA-c5qx-p38x-qf5w was published for RageAgainstThePixel/setup-steamcmd (GitHub Actions) Jul 21, 2025
BrknRobot
Credited to BrknRobot
buildalon/setup-steamcmd leaked authentication token in job output logs High
GHSA-mj96-mh85-r574 was published for buildalon/setup-steamcmd (GitHub Actions) Jul 21, 2025
BrknRobot
Credited to BrknRobot
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database