GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
12 advisories
A credential leak in OpenC3 COSMOS v6.0.0 allows attackers to access service credentials as...
High | Unreviewed | CVE-2025-28381 was published Jun 13, 2025
Mautic does not shield .env files from web traffic
Moderate | CVE-2024-47056 was published for mautic/core (Composer) May 28, 2025
IBM Storage Virtualize vSphere Remote Plug-in 1.0 and 1.1 could allow a remote user to obtain...
Critical | Unreviewed | CVE-2023-43029 was published Mar 21, 2025
Cleartext Storage of Sensitive Information in an Environment Variable, Weak Password Recovery...
High | Unreviewed | CVE-2024-12604 was published Mar 10, 2025
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD stores potentially sensitive information in...
Moderate | Unreviewed | CVE-2025-0985 was published Feb 28, 2025
Keycloak allows unrestricted admin use of system and environment variables
Moderate | CVE-2024-11736 was published for org.keycloak:keycloak-quarkus-server (Maven) Jan 13, 2025
An information disclosure flaw was found in OpenShift's internal image registry operator....
Moderate | Unreviewed | CVE-2024-4369 was published May 1, 2024
quarkus-core leaks local environment variables from Quarkus namespace during application's build
High | CVE-2024-2700 was published for io.quarkus:quarkus-core (Maven) Apr 4, 2024
Quarkus does not properly sanitize artifacts created from its use of the Gradle plugin, allowing certain build system information to remain
High | CVE-2023-5720 was published for io.quarkus:quarkus-project (Maven) Nov 15, 2023
A CWE-526: Exposure of Sensitive Information Through Environmental Variables vulnerability exists...
Low | Unreviewed | CVE-2023-47615 was published Nov 9, 2023
Shescape potential environment variable exposure on Windows with CMD
Low | CVE-2023-35931 was published for shescape (npm) Jun 22, 2023
Hashicorp Nomad Information Exposure Through Environmental Variables
Moderate | CVE-2019-14802 was published for github.com/hashicorp/nomad (Go) Feb 15, 2022