Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,016
Maven
5,000+
npm
4,737
NuGet
814
pip
4,347
Pub
12
RubyGems
987
Rust
1,140
Swift
50
Unreviewed advisories
All unreviewed
5,000+

59 advisories

Loading
IBM MQ Operator (SC2 v3.2.0–3.8.1, LTS v2.0.0–2.0.29) and IBM‑supplied MQ Advanced container... Moderate Unreviewed
CVE-2025-12755 was published Feb 17, 2026
Keycloak logs sensitive headers Moderate
CVE-2025-11537 was published for org.keycloak:keycloak-quarkus-server (Maven) Feb 10, 2026
Duplicate Advisory: go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data Moderate
GHSA-86rf-68f4-2cph was published for github.com/go-viper/mapstructure/v2 (Go) Jan 26, 2026 withdrawn
In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform... Moderate Unreviewed
CVE-2025-20384 was published Dec 3, 2025
IBM Concert 1.0.0 through 2.0.0 could allow a local user to forge log files to impersonate other... Moderate Unreviewed
CVE-2025-36159 was published Nov 21, 2025
The Site Checkup Debug AI Troubleshooting with Wizard and Tips for Each Issue plugin for... Moderate Unreviewed
CVE-2025-11627 was published Oct 30, 2025
IBM Concert Software 1.0.0 through 2.0.0 could allow a user to modify system logs due to... Moderate Unreviewed
CVE-2025-36081 was published Oct 28, 2025
An API endpoint allows arbitrary log entries to be created via POST request. Without... Moderate Unreviewed
CVE-2025-58580 was published Oct 6, 2025
A vulnerability exists in Asset Suite for an authenticated user to manipulate the content of... Moderate Unreviewed
CVE-2025-10217 was published Sep 30, 2025
Jenkins has a log message injection vulnerability Moderate
CVE-2025-59476 was published for org.jenkins-ci.main:jenkins-core (Maven) Sep 17, 2025
Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using JSONLayout,... Moderate Unreviewed
CVE-2025-54813 was published Aug 22, 2025
go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data Moderate
CVE-2025-11065 was published for github.com/go-viper/mapstructure/v2 (Go) Aug 21, 2025
cipherboy
Credited to cipherboy
MS SWIFT WEB-UI RCE Vulnerability Moderate
CVE-2025-41419 was published for ms-swift (pip) Jul 31, 2025
TencentAISec
Credited to TencentAISec
Apache Struts Extras Before 2 has an Improper Output Neutralization for Logs Vulnerability Moderate
CVE-2025-54656 was published for org.apache.struts:struts-extras (Maven) Jul 30, 2025
ryanmurf
Credited to ryanmurf
Django Improper Output Neutralization for Logs vulnerability Moderate
CVE-2025-48432 was published for Django (pip) Jun 5, 2025
Large content vulnerabilities are present in ASPECT exposing a device to disk overutilization on... Moderate Unreviewed
CVE-2024-13949 was published May 22, 2025
Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows,... Moderate Unreviewed
CVE-2025-3942 was published May 22, 2025
In Nessus versions prior to 10.8.4, a non-authenticated attacker could alter Nessus logging... Moderate Unreviewed
CVE-2025-36625 was published Apr 18, 2025
An Improper Output Neutralization for Logs vulnerability [CWE-117] in FortiAnalyzer version 7.6.1... Moderate Unreviewed
CVE-2024-52962 was published Apr 8, 2025
A vulnerability in danny-avila/librechat prior to version 0.7.6 allows for logs debug injection.... Moderate Unreviewed
CVE-2024-12580 was published Mar 20, 2025
Envoy Gateway Log Injection Vulnerability Moderate
CVE-2025-25294 was published for github.com/envoyproxy/gateway (Go) Mar 6, 2025
denniskniep zirain
guydc
Credited to denniskniep, zirain, and guydc
Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection Moderate
CVE-2025-27111 was published for rack (RubyGems) Mar 4, 2025
Masamuneee ioquatix
jeremyevans
Credited to Masamuneee, ioquatix, and jeremyevans
Unauthenticated log effects metrics gathering incident response efforts and potentially exposes... Moderate Unreviewed
CVE-2025-23405 was published Feb 28, 2025
IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files... Moderate Unreviewed
CVE-2024-49355 was published Feb 20, 2025
Possible Log Injection in Rack::CommonLogger Moderate
CVE-2025-25184 was published for rack (RubyGems) Feb 12, 2025
HexSave jeremyevans
ioquatix taketo1113 nick-f vladimir-mencl-eresearch lostapathy matthewbjones lfittl
Credited to HexSave, jeremyevans, ioquatix, taketo1113, nick-f, vladimir-mencl-eresearch, lostapathy, matthewbjones, and lfittl
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database