GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
66 advisories
Directus Vulnerable to Information Leakage in Existing Collections
Moderate
CVE-2025-64749
was published
for
@directus/api
(npm)
Nov 13, 2025
Actual Sync-server Gocardless service is logging sensitive data including bearer tokens and account numbers
Moderate
GHSA-xvp7-8vm8-xfxx
was published
for
@actual-app/sync-server
(npm)
Oct 20, 2025
Jackson-core Vulnerable to Memory Disclosure via Source Snippet in JsonLocation
Moderate
CVE-2025-49128
was published
for
com.fasterxml.jackson.core:jackson-core
(Maven)
Jun 7, 2025
Argo CD does not scrub secret values from patch errors
Moderate
CVE-2025-23216
was published
for
github.com/argoproj/argo-cd
(Go)
Jan 30, 2025
Sentry improper error handling leaks Application Integration Client Secret
Moderate
CVE-2024-53253
was published
for
sentry
(pip)
Nov 22, 2024
Drupal Full Path Disclosure
Moderate
CVE-2024-45440
was published
for
drupal/core
(Composer)
Aug 29, 2024
CKAN may leak Solr credentials via error message in package_search action
Moderate
CVE-2024-41674
was published
for
ckan
(pip)
Aug 21, 2024
Generation of Error Message Containing Sensitive Information in zsa
Moderate
CVE-2024-37162
was published
for
zsa
(npm)
Jun 6, 2024
Argo-cd authenticated users can enumerate clusters by name
Moderate
CVE-2024-36106
was published
for
github.com/argoproj/argo-cd
(Go)
Jun 6, 2024
Apache Superset: Improper error handling on alerts
Moderate
CVE-2024-27315
was published
for
apache-superset
(pip)
Feb 28, 2024
ProTip!
Advisories are also available from the
GraphQL API