Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,016
Maven
5,000+
npm
4,737
NuGet
814
pip
4,347
Pub
12
RubyGems
987
Rust
1,140
Swift
50
Unreviewed advisories
All unreviewed
5,000+

85 advisories

Loading
OpenClaw log poisoning (indirect prompt injection) via WebSocket headers Low
GHSA-g27f-9qjv-22pm was published for openclaw (npm) Feb 17, 2026
pkerkhofs
Credited to pkerkhofs
IBM MQ Operator (SC2 v3.2.0–3.8.1, LTS v2.0.0–2.0.29) and IBM‑supplied MQ Advanced container... Moderate Unreviewed
CVE-2025-12755 was published Feb 17, 2026
Keycloak logs sensitive headers Moderate
CVE-2025-11537 was published for org.keycloak:keycloak-quarkus-server (Maven) Feb 10, 2026
Neo4j Enterprise and Community editions have insufficient escaping of unicode characters in query log Low
CVE-2026-1337 was published for org.neo4j:neo4j (Maven) Feb 6, 2026
go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data Moderate
CVE-2025-11065 was published for github.com/go-viper/mapstructure/v2 (Go) Aug 21, 2025
cipherboy
Credited to cipherboy
Duplicate Advisory: go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data Moderate
GHSA-86rf-68f4-2cph was published for github.com/go-viper/mapstructure/v2 (Go) Jan 26, 2026 withdrawn
In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform... Moderate Unreviewed
CVE-2025-20384 was published Dec 3, 2025
IBM Concert 1.0.0 through 2.0.0 could allow a local user to forge log files to impersonate other... Moderate Unreviewed
CVE-2025-36159 was published Nov 21, 2025
Apache Struts Extras Before 2 has an Improper Output Neutralization for Logs Vulnerability Moderate
CVE-2025-54656 was published for org.apache.struts:struts-extras (Maven) Jul 30, 2025
ryanmurf
Credited to ryanmurf
Jenkins has a log message injection vulnerability Moderate
CVE-2025-59476 was published for org.jenkins-ci.main:jenkins-core (Maven) Sep 17, 2025
Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using JSONLayout,... Moderate Unreviewed
CVE-2025-54813 was published Aug 22, 2025
Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using HTMLLayout,... Low Unreviewed
CVE-2025-54812 was published Aug 22, 2025
Ansible-core information disclosure flaw Moderate
CVE-2024-0690 was published for ansible-core (pip) Feb 6, 2024
Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection Moderate
CVE-2025-27111 was published for rack (RubyGems) Mar 4, 2025
Masamuneee ioquatix
jeremyevans
Credited to Masamuneee, ioquatix, and jeremyevans
Possible Log Injection in Rack::CommonLogger Moderate
CVE-2025-25184 was published for rack (RubyGems) Feb 12, 2025
HexSave jeremyevans
ioquatix taketo1113 nick-f vladimir-mencl-eresearch lostapathy matthewbjones lfittl
Credited to HexSave, jeremyevans, ioquatix, taketo1113, nick-f, vladimir-mencl-eresearch, lostapathy, matthewbjones, and lfittl
flask-cors vulnerable to log injection when the log level is set to debug Moderate
CVE-2024-1681 was published for flask-cors (pip) Apr 19, 2024
bayandin
Credited to bayandin
The Site Checkup Debug AI Troubleshooting with Wizard and Tips for Each Issue plugin for... Moderate Unreviewed
CVE-2025-11627 was published Oct 30, 2025
IBM Concert Software 1.0.0 through 2.0.0 could allow a user to modify system logs due to... Moderate Unreviewed
CVE-2025-36081 was published Oct 28, 2025
MS SWIFT WEB-UI RCE Vulnerability Moderate
CVE-2025-41419 was published for ms-swift (pip) Jul 31, 2025
TencentAISec
Credited to TencentAISec
CubeAPM nightly-2025-08-01-1 allow unauthenticated attackers to inject arbitrary log entries into... High Unreviewed
CVE-2025-57564 was published Oct 7, 2025
An API endpoint allows arbitrary log entries to be created via POST request. Without... Moderate Unreviewed
CVE-2025-58580 was published Oct 6, 2025
A vulnerability exists in Asset Suite for an authenticated user to manipulate the content of... Moderate Unreviewed
CVE-2025-10217 was published Sep 30, 2025
Litestar has potential log injection in exception logging Low
GHSA-674p-xv2x-rf3g was published for litestar (pip) Aug 11, 2025
Cycloctane
Credited to Cycloctane
Django Improper Output Neutralization for Logs vulnerability Moderate
CVE-2025-48432 was published for Django (pip) Jun 5, 2025
Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows,... Moderate Unreviewed
CVE-2025-3942 was published May 22, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database