GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

148 advisories

OpenStack Glance sensitive information disclosure via logs Moderate
CVE-2014-1948 was published for glance (pip) May 17, 2022
Ansible vulnerable to Insertion of Sensitive Information into Log File High
CVE-2024-8775 was published for ansible-core (pip) Sep 16, 2024
Git credentials are exposed in Atlantis logs High
CVE-2024-52009 was published for github.com/runatlantis/atlantis (Go) Nov 8, 2024
niooss-ledger
APM Server vulnerable to Insertion of Sensitive Information into Log File High
CVE-2024-23448 was published for github.com/elastic/apm-server (Go) Feb 8, 2024
django-anymail Includes Sensitive Information in Log Files Critical
CVE-2018-1000089 was published for django-anymail (pip) May 14, 2022
westonsteimel
Insertion of Sensitive Information into Log File in ansible High
CVE-2021-20178 was published for ansible (pip) Jun 1, 2021
Ansible exposes sensitive data in log files and on the terminal High
CVE-2018-10855 was published for ansible (pip) Oct 10, 2018
Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged Moderate
CVE-2023-50740 was published for org.apache.linkis:linkis (Maven) Mar 6, 2024
oscerd
Logging of the firestore key within nodejs-firestore Moderate
CVE-2023-6460 was published for @google-cloud/firestore (npm) Dec 4, 2023
abhishekwebcode
@workos-inc/authkit-nextjs refresh tokens are logged when the debug flag is enabled Low
CVE-2024-51752 was published for @workos-inc/authkit-nextjs (npm) Nov 5, 2024
@workos-inc/authkit-remix refresh tokens are logged when the debug flag is enabled Low
CVE-2024-51753 was published for @workos-inc/authkit-remix (npm) Nov 5, 2024
Apache Solr Operator liveness and readiness probes may leak basic auth credentials Moderate
CVE-2024-31391 was published for github.com/apache/solr-operator (Go) Apr 12, 2024
The Snowflake Connector for Python stores sensitive data in logs Moderate
CVE-2024-49750 was published for snowflake-connector-python (pip) Oct 24, 2024
Jberet: jberet-core logging database credentials Moderate
CVE-2024-1102 was published for org.jberet:jberet-core (Maven) Apr 25, 2024
Rancher 'Audit Log' leaks sensitive information High
CVE-2023-22649 was published for github.com/rancher/rancher (Go) Feb 8, 2024
Quarkus CXF logs passwords and other secrets Moderate
CVE-2024-9621 was published for io.quarkiverse.cxf:quarkus-cxf (Maven) Oct 8, 2024
python-oslo-utils has improper password parsing Moderate
CVE-2022-0718 was published for oslo-utils (pip) Aug 29, 2022
Openstack Octavia allows Insertion of Sensitive Information into Log File High
CVE-2018-16856 was published for octavia (pip) May 13, 2022
oslo.middleware Information Disclosure vulnerability High
CVE-2017-2592 was published for oslo-middleware (pip) Jul 13, 2018
loguru vulnerable to improper privilege management Moderate
CVE-2022-0338 was published for loguru (pip) Jan 26, 2022
Improper masking of credentials in Jenkins Pipeline Maven Integration Plugin Moderate
CVE-2023-41934 was published for org.jenkins-ci.plugins:pipeline-maven (Maven) Sep 6, 2023
GitHub personal access token leaking into temporary EasyBuild (debug) logs Critical
CVE-2020-5262 was published for easybuild-framework (pip) Mar 19, 2020
zao boegel
Ceilometer Prints Sensitive Configuration Data to Log Moderate
CVE-2019-3830 was published for ceilometer (pip) May 13, 2022
Argo CD leaks repository credentials in user-facing error messages and in logs Moderate
CVE-2023-25163 was published for github.com/argoproj/argo-cd/v2 (Go) Feb 8, 2023
andrewpollock
Sensitive Information Exposure Through Insecure Logging For Secrets Like Metadata.DockerBuildArgs Moderate
GHSA-rjc6-vm4h-85cg was published for aws-sam-cli (pip) Sep 11, 2024