GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
85 advisories
OpenClaw log poisoning (indirect prompt injection) via WebSocket headers
Low • GHSA-g27f-9qjv-22pm was published for openclaw (npm) • Feb 17, 2026
IBM MQ Operator (SC2 v3.2.0–3.8.1, LTS v2.0.0–2.0.29) and IBM‑supplied MQ Advanced container...
Moderate • Unreviewed • CVE-2025-12755 was published • Feb 17, 2026
Keycloak logs sensitive headers
Moderate • CVE-2025-11537 was published for org.keycloak:keycloak-quarkus-server (Maven) • Feb 10, 2026
Neo4j Enterprise and Community editions have insufficient escaping of unicode characters in query log
Low • CVE-2026-1337 was published for org.neo4j:neo4j (Maven) • Feb 6, 2026
Duplicate Advisory: go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data
Moderate • GHSA-86rf-68f4-2cph was published for github.com/go-viper/mapstructure/v2 (Go) • Jan 26, 2026 • withdrawn
In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform...
Moderate • Unreviewed • CVE-2025-20384 was published • Dec 3, 2025
IBM Concert 1.0.0 through 2.0.0 could allow a local user to forge log files to impersonate other...
Moderate • Unreviewed • CVE-2025-36159 was published • Nov 21, 2025
The Site Checkup Debug AI Troubleshooting with Wizard and Tips for Each Issue plugin for...
Moderate • Unreviewed • CVE-2025-11627 was published • Oct 30, 2025
IBM Concert Software 1.0.0 through 2.0.0 could allow a user to modify system logs due to...
Moderate • Unreviewed • CVE-2025-36081 was published • Oct 28, 2025
CubeAPM nightly-2025-08-01-1 allows unauthenticated attackers to inject arbitrary log entries into...
High • Unreviewed • CVE-2025-57564 was published • Oct 7, 2025
An API endpoint allows arbitrary log entries to be created via POST request. Without...
Moderate • Unreviewed • CVE-2025-58580 was published • Oct 6, 2025
A vulnerability exists in Asset Suite for an authenticated user to manipulate the content of...
Moderate • Unreviewed • CVE-2025-10217 was published • Sep 30, 2025
Jenkins has a log message injection vulnerability
Moderate • CVE-2025-59476 was published for org.jenkins-ci.main:jenkins-core (Maven) • Sep 17, 2025
Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using JSONLayout,...
Moderate • Unreviewed • CVE-2025-54813 was published • Aug 22, 2025
Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using HTMLLayout,...
Low • Unreviewed • CVE-2025-54812 was published • Aug 22, 2025
go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data
Moderate • CVE-2025-11065 was published for github.com/go-viper/mapstructure/v2 (Go) • Aug 21, 2025
Litestar has potential log injection in exception logging
Low • GHSA-674p-xv2x-rf3g was published for litestar (pip) • Aug 11, 2025
MS SWIFT WEB-UI RCE Vulnerability
Moderate • CVE-2025-41419 was published for ms-swift (pip) • Jul 31, 2025
Apache Struts Extras Before 2 has an Improper Output Neutralization for Logs Vulnerability
Moderate • CVE-2025-54656 was published for org.apache.struts:struts-extras (Maven) • Jul 30, 2025
Django Improper Output Neutralization for Logs vulnerability
Moderate • CVE-2025-48432 was published for Django (pip) • Jun 5, 2025
Large content vulnerabilities are present in ASPECT exposing a device to disk overutilization on...
Moderate • Unreviewed • CVE-2024-13949 was published • May 22, 2025
Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows,...
Moderate • Unreviewed • CVE-2025-3942 was published • May 22, 2025
a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with...
Low • Unreviewed • CVE-2025-41429 was published • May 19, 2025
In Nessus versions prior to 10.8.4, a non-authenticated attacker could alter Nessus logging...
Moderate • Unreviewed • CVE-2025-36625 was published • Apr 18, 2025
An Improper Output Neutralization for Logs vulnerability [CWE-117] in FortiAnalyzer version 7.6.1...
Moderate • Unreviewed • CVE-2024-52962 was published • Apr 8, 2025