Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,026
Maven
5,000+
npm
4,763
NuGet
824
pip
4,366
Pub
12
RubyGems
987
Rust
1,143
Swift
50
Unreviewed advisories
All unreviewed
5,000+

29 advisories

Loading
OpenClaw log poisoning (indirect prompt injection) via WebSocket headers Low
GHSA-g27f-9qjv-22pm was published for openclaw (npm) Feb 17, 2026
pkerkhofs
Credited to pkerkhofs
Keycloak logs sensitive headers Moderate
CVE-2025-11537 was published for org.keycloak:keycloak-quarkus-server (Maven) Feb 10, 2026
Neo4j Enterprise and Community editions have insufficient escaping of unicode characters in query log Low
CVE-2026-1337 was published for org.neo4j:neo4j (Maven) Feb 6, 2026
Duplicate Advisory: go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data Moderate
GHSA-86rf-68f4-2cph was published for github.com/go-viper/mapstructure/v2 (Go) Jan 26, 2026 withdrawn
Jenkins has a log message injection vulnerability Moderate
CVE-2025-59476 was published for org.jenkins-ci.main:jenkins-core (Maven) Sep 17, 2025
go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data Moderate
CVE-2025-11065 was published for github.com/go-viper/mapstructure/v2 (Go) Aug 21, 2025
cipherboy
Credited to cipherboy
Litestar has potential log injection in exception logging Low
GHSA-674p-xv2x-rf3g was published for litestar (pip) Aug 11, 2025
Cycloctane
Credited to Cycloctane
MS SWIFT WEB-UI RCE Vulnerability Moderate
CVE-2025-41419 was published for ms-swift (pip) Jul 31, 2025
TencentAISec
Credited to TencentAISec
Apache Struts Extras Before 2 has an Improper Output Neutralization for Logs Vulnerability Moderate
CVE-2025-54656 was published for org.apache.struts:struts-extras (Maven) Jul 30, 2025
ryanmurf
Credited to ryanmurf
Django Improper Output Neutralization for Logs vulnerability Moderate
CVE-2025-48432 was published for Django (pip) Jun 5, 2025
LiteLLM Reveals Portion of API Key via a Logging File High
CVE-2024-9606 was published for litellm (pip) Mar 20, 2025
Envoy Gateway Log Injection Vulnerability Moderate
CVE-2025-25294 was published for github.com/envoyproxy/gateway (Go) Mar 6, 2025
denniskniep zirain
guydc
Credited to denniskniep, zirain, and guydc
Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection Moderate
CVE-2025-27111 was published for rack (RubyGems) Mar 4, 2025
Masamuneee ioquatix
jeremyevans
Credited to Masamuneee, ioquatix, and jeremyevans
Possible Log Injection in Rack::CommonLogger Moderate
CVE-2025-25184 was published for rack (RubyGems) Feb 12, 2025
HexSave jeremyevans
ioquatix taketo1113 nick-f vladimir-mencl-eresearch lostapathy matthewbjones lfittl
Credited to HexSave, jeremyevans, ioquatix, taketo1113, nick-f, vladimir-mencl-eresearch, lostapathy, matthewbjones, and lfittl
flask-cors vulnerable to log injection when the log level is set to debug Moderate
CVE-2024-1681 was published for flask-cors (pip) Apr 19, 2024
bayandin
Credited to bayandin
Sentry vulnerable to leaking superuser cleartext password in logs High
CVE-2024-32474 was published for sentry (pip) Apr 18, 2024
lluuaapp
Credited to lluuaapp
Keycloak vulnerable to log Injection during WebAuthn authentication or registration Moderate
CVE-2023-6484 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
dhvakr
Credited to dhvakr
Potential log injection in reset user endpoint in CKAN Moderate
CVE-2024-27097 was published for ckan (pip) Mar 13, 2024
ZuhairORZaki
Credited to ZuhairORZaki
Ansible-core information disclosure flaw Moderate
CVE-2024-0690 was published for ansible-core (pip) Feb 6, 2024
Shopware's log module vulnerable to Improper Output Neutralization Low
CVE-2023-22733 was published for shopware/core (Composer) Jan 20, 2023
Yapscan's report receiver server vulnerable to path traversal and log injection High
GHSA-9h6h-9g78-86f7 was published for github.com/fkie-cad/yapscan (Go) Dec 29, 2022
tdunlap607
Credited to tdunlap607
Gin's default logger allows unsanitized input that can allow remote attackers to inject arbitrary log lines High
CVE-2020-36567 was published for github.com/gin-gonic/gin (Go) Dec 27, 2022
Log Injection in Apache Sling Commons Log and Apache Sling API Moderate
CVE-2022-32549 was published for org.apache.sling:org.apache.sling.api (Maven) Jun 23, 2022
Improper Output Neutralization for Logs in Spring Framework Moderate
CVE-2021-22096 was published for org.springframework:spring (Maven) May 24, 2022
artanaliji
Credited to artanaliji
Ansible Uses Plugins That Disclose Credentials High
CVE-2019-14846 was published for ansible (pip) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database