Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,894
Erlang
38
GitHub Actions
38
Go
2,552
Maven
5,000+
npm
4,224
NuGet
746
pip
3,999
Pub
12
RubyGems
953
Rust
1,041
Swift
45
Unreviewed advisories
All unreviewed
5,000+

76 advisories

Loading
CubeAPM nightly-2025-08-01-1 allow unauthenticated attackers to inject arbitrary log entries into... High Unreviewed
CVE-2025-57564 was published Oct 7, 2025
An API endpoint allows arbitrary log entries to be created via POST request. Without... Moderate Unreviewed
CVE-2025-58580 was published Oct 6, 2025
A vulnerability exists in Asset Suite for an authenticated user to manipulate the content of... Moderate Unreviewed
CVE-2025-10217 was published Sep 30, 2025
Jenkins has a log message injection vulnerability Moderate
CVE-2025-59476 was published for org.jenkins-ci.main:jenkins-core (Maven) Sep 17, 2025
Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using HTMLLayout,... Low Unreviewed
CVE-2025-54812 was published Aug 22, 2025
Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using JSONLayout,... Moderate Unreviewed
CVE-2025-54813 was published Aug 22, 2025
go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data Moderate
GHSA-2464-8j7c-4cjm was published for github.com/go-viper/mapstructure/v2 (Go) Aug 21, 2025
cipherboy
Credited to cipherboy
Litestar has potential log injection in exception logging Low
GHSA-674p-xv2x-rf3g was published for litestar (pip) Aug 11, 2025
Cycloctane
Credited to Cycloctane
MS SWIFT WEB-UI RCE Vulnerability Moderate
GHSA-7c78-rm87-5673 was published for ms-swift (pip) Jul 31, 2025
TencentAISec
Credited to TencentAISec
Apache Struts Extras Before 2 has an Improper Output Neutralization for Logs Vulnerability Moderate
CVE-2025-54656 was published for org.apache.struts:struts-extras (Maven) Jul 30, 2025
Django Improper Output Neutralization for Logs vulnerability Moderate
CVE-2025-48432 was published for Django (pip) Jun 5, 2025
Large content vulnerabilities are present in ASPECT exposing a device to disk overutilization on... Moderate Unreviewed
CVE-2024-13949 was published May 22, 2025
Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows,... Moderate Unreviewed
CVE-2025-3942 was published May 22, 2025
a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with... Low Unreviewed
CVE-2025-41429 was published May 19, 2025
In Nessus versions prior to 10.8.4, a non-authenticated attacker could alter Nessus logging... Moderate Unreviewed
CVE-2025-36625 was published Apr 18, 2025
An Improper Output Neutralization for Logs vulnerability [CWE-117] in FortiAnalyzer version 7.6.1... Moderate Unreviewed
CVE-2024-52962 was published Apr 8, 2025
LiteLLM Reveals Portion of API Key via a Logging File High
CVE-2024-9606 was published for litellm (pip) Mar 20, 2025
A vulnerability in danny-avila/librechat prior to version 0.7.6 allows for logs debug injection.... Moderate Unreviewed
CVE-2024-12580 was published Mar 20, 2025
Envoy Gateway Log Injection Vulnerability Moderate
CVE-2025-25294 was published for github.com/envoyproxy/gateway (Go) Mar 6, 2025
denniskniep zirain
guydc
Credited to denniskniep, zirain, and guydc
Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection Moderate
CVE-2025-27111 was published for rack (RubyGems) Mar 4, 2025
Masamuneee ioquatix
jeremyevans
Credited to Masamuneee, ioquatix, and jeremyevans
Unauthenticated log effects metrics gathering incident response efforts and potentially exposes... Moderate Unreviewed
CVE-2025-23405 was published Feb 28, 2025
IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files... Moderate Unreviewed
CVE-2024-49355 was published Feb 20, 2025
Possible Log Injection in Rack::CommonLogger Moderate
CVE-2025-25184 was published for rack (RubyGems) Feb 12, 2025
HexSave jeremyevans
ioquatix taketo1113 nick-f vladimir-mencl-eresearch lostapathy matthewbjones lfittl
Credited to HexSave, jeremyevans, ioquatix, taketo1113, nick-f, vladimir-mencl-eresearch, lostapathy, matthewbjones, and lfittl
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 could allow an attacker to spoof their IP address,... Moderate Unreviewed
CVE-2024-56473 was published Feb 6, 2025
The vulnerability was found in OpenShift Service Mesh 2.6.3 and 2.5.6. This issue occurs due to... Moderate Unreviewed
CVE-2025-0754 was published Jan 28, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database