Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

97 advisories

Loading
morgan vulnerable to Log Forging via unneutralized control characters in :remote-user Moderate
CVE-2026-5078 was published for morgan (npm) Jul 10, 2026
yuki-matsuhashi Credited to yuki-matsuhashi, UlisesGascon, and jonchurch UlisesGascon UlisesGascon
jonchurch jonchurch
netfoil: Attacker controlled data written to logs Low
GHSA-7856-g3gv-9wq8 was published for github.com/tinfoil-factory/netfoil (Go) Jul 7, 2026
stigtsp Credited to stigtsp
Crawl4AI: Arbitrary file write (symlink/TOCTOU) plus log and webhook-header injection in Docker server High
GHSA-7cx2-g3h9-382p was published for crawl4ai (pip) Jun 16, 2026
OpenTelemetry eBPF Instrumentation: Redis error text is exported in span status messages Moderate
CVE-2026-45679 was published for go.opentelemetry.io/obi (Go) May 18, 2026
MrAlias Credited to MrAlias and grcevski grcevski grcevski
Apache Log4j Core: log injection in `Rfc5424Layout` due to silent configuration incompatibility Moderate
CVE-2026-34478 was published for org.apache.logging.log4j:log4j-core (Maven) Apr 10, 2026
ppkarwasz Credited to ppkarwasz
IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an... Moderate Unreviewed
CVE-2025-14684 was published Mar 26, 2026
OliveTin's email argument makes compliance harder, enables log injection Moderate
GHSA-xx6g-43w2-9g6g was published for github.com/OliveTin/OliveTin (Go) Mar 12, 2026
fg0x0 Credited to fg0x0
OpenClaw log poisoning (indirect prompt injection) via WebSocket headers Low
GHSA-g27f-9qjv-22pm was published for openclaw (npm) Feb 17, 2026
pkerkhofs Credited to pkerkhofs
Keycloak logs sensitive headers Moderate
CVE-2025-11537 was published for org.keycloak:keycloak-quarkus-server (Maven) Feb 10, 2026
julianladisch Credited to julianladisch and eminaktas eminaktas eminaktas
Neo4j Enterprise and Community editions have insufficient escaping of unicode characters in query log Low
CVE-2026-1337 was published for org.neo4j:neo4j (Maven) Feb 6, 2026
Duplicate Advisory: go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data Moderate
GHSA-86rf-68f4-2cph was published for github.com/go-viper/mapstructure/v2 (Go) Jan 26, 2026 withdrawn
The Site Checkup Debug AI Troubleshooting with Wizard and Tips for Each Issue plugin for... Moderate Unreviewed
CVE-2025-11627 was published Oct 30, 2025
An API endpoint allows arbitrary log entries to be created via POST request. Without... Moderate Unreviewed
CVE-2025-58580 was published Oct 6, 2025
Jenkins has a log message injection vulnerability Moderate
CVE-2025-59476 was published for org.jenkins-ci.main:jenkins-core (Maven) Sep 17, 2025
ProTip! Advisories are also available from the GraphQL API