GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
97 advisories
Filter by severity
morgan vulnerable to Log Forging via unneutralized control characters in :remote-user
Moderate
CVE-2026-5078
was published
for
morgan
(npm)
Jul 10, 2026
netfoil: Attacker controlled data written to logs
Low
GHSA-7856-g3gv-9wq8
was published
for
github.com/tinfoil-factory/netfoil
(Go)
Jul 7, 2026
Improper output neutralization for logs vulnerability in upKeeper Solutions upKeeper Instant...
High
Unreviewed
CVE-2026-10745
was published
Jun 24, 2026
Crawl4AI: Arbitrary file write (symlink/TOCTOU) plus log and webhook-header injection in Docker server
High
GHSA-7cx2-g3h9-382p
was published
for
crawl4ai
(pip)
Jun 16, 2026
In Splunk SOAR (Security Orchestration, Automation, and Response) versions below 8.5.0, an...
Moderate
Unreviewed
CVE-2026-20260
was published
Jun 10, 2026
The Debug Log Manager – Conveniently Monitor and Inspect Errors plugin for WordPress is...
Moderate
Unreviewed
CVE-2026-9016
was published
Jun 6, 2026
OpenTelemetry eBPF Instrumentation: Redis error text is exported in span status messages
Moderate
CVE-2026-45679
was published
for
go.opentelemetry.io/obi
(Go)
May 18, 2026
A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log...
Moderate
Unreviewed
CVE-2026-6494
was published
Apr 17, 2026
Apache Log4j Core: log injection in `Rfc5424Layout` due to silent configuration incompatibility
Moderate
CVE-2026-34478
was published
for
org.apache.logging.log4j:log4j-core
(Maven)
Apr 10, 2026
IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an...
Moderate
Unreviewed
CVE-2025-14684
was published
Mar 26, 2026
OliveTin's email argument makes compliance harder, enables log injection
Moderate
GHSA-xx6g-43w2-9g6g
was published
for
github.com/OliveTin/OliveTin
(Go)
Mar 12, 2026
2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters...
Moderate
Unreviewed
CVE-2025-59784
was published
Mar 4, 2026
OpenClaw log poisoning (indirect prompt injection) via WebSocket headers
Low
GHSA-g27f-9qjv-22pm
was published
for
openclaw
(npm)
Feb 17, 2026
IBM MQ Operator (SC2 v3.2.0–3.8.1, LTS v2.0.0–2.0.29) and IBM‑supplied MQ Advanced container...
Moderate
Unreviewed
CVE-2025-12755
was published
Feb 17, 2026
Keycloak logs sensitive headers
Moderate
CVE-2025-11537
was published
for
org.keycloak:keycloak-quarkus-server
(Maven)
Feb 10, 2026
Neo4j Enterprise and Community editions have insufficient escaping of unicode characters in query log
Low
CVE-2026-1337
was published
for
org.neo4j:neo4j
(Maven)
Feb 6, 2026
Duplicate Advisory: go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data
Moderate
GHSA-86rf-68f4-2cph
was published
for
github.com/go-viper/mapstructure/v2
(Go)
Jan 26, 2026
•
withdrawn
In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform...
Moderate
Unreviewed
CVE-2025-20384
was published
Dec 3, 2025
IBM Concert 1.0.0 through 2.0.0 could allow a local user to forge log files to impersonate other...
Moderate
Unreviewed
CVE-2025-36159
was published
Nov 21, 2025
The Site Checkup Debug AI Troubleshooting with Wizard and Tips for Each Issue plugin for...
Moderate
Unreviewed
CVE-2025-11627
was published
Oct 30, 2025
IBM Concert Software
1.0.0 through 2.0.0 could allow a user to modify system logs due to...
Moderate
Unreviewed
CVE-2025-36081
was published
Oct 28, 2025
CubeAPM nightly-2025-08-01-1 allow unauthenticated attackers to inject arbitrary log entries into...
High
Unreviewed
CVE-2025-57564
was published
Oct 7, 2025
An API endpoint allows arbitrary log entries to be created via POST request. Without...
Moderate
Unreviewed
CVE-2025-58580
was published
Oct 6, 2025
A vulnerability exists in Asset Suite for an authenticated user to manipulate the content of...
Moderate
Unreviewed
CVE-2025-10217
was published
Sep 30, 2025
Jenkins has a log message injection vulnerability
Moderate
CVE-2025-59476
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Sep 17, 2025
ProTip!
Advisories are also available from the
GraphQL API