Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,606
Maven
5,000+
npm
5,000+
NuGet
924
pip
4,831
Pub
13
RubyGems
1,045
Rust
1,256
Swift
53
Unreviewed advisories
All unreviewed
5,000+

225 advisories

Loading
Jberet: jberet-core logging database credentials Moderate
CVE-2024-1102 was published for org.jberet:jberet-core (Maven) Apr 25, 2024
Sensitive Information leak via Log File in Kubernetes Moderate
CVE-2020-8563 was published for github.com/kubernetes/kubernetes (Go) Apr 24, 2024
Sensitive Information leak via Log File in Kubernetes Moderate
CVE-2020-8566 was published for github.com/kubernetes/kubernetes (Go) Apr 24, 2024
Apache Solr Operator liveness and readiness probes may leak basic auth credentials Moderate
CVE-2024-31391 was published for github.com/apache/solr-operator (Go) Apr 12, 2024
Insecure Variable Substitution in Vela High
CVE-2024-28236 was published for github.com/go-vela/worker (Go) Mar 14, 2024
gdiepen Credited to gdiepen
Potential log injection in reset user endpoint in CKAN Moderate
CVE-2024-27097 was published for ckan (pip) Mar 13, 2024
ZuhairORZaki Credited to ZuhairORZaki
Jenkins MQ Notifier Plugin exposes sensitive information in build logs Moderate
CVE-2024-28154 was published for com.sonymobile.jenkins.plugins.mq:mq-notifier (Maven) Mar 6, 2024
Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged Moderate
CVE-2023-50740 was published for org.apache.linkis:linkis (Maven) Mar 6, 2024
oscerd Credited to oscerd
Rancher 'Audit Log' leaks sensitive information High
CVE-2023-22649 was published for github.com/rancher/rancher (Go) Feb 8, 2024
APM Server vulnerable to Insertion of Sensitive Information into Log File High
CVE-2024-23448 was published for github.com/elastic/apm-server (Go) Feb 8, 2024
glance-store logs s3 access keys Moderate
CVE-2024-1141 was published for glance-store (pip) Feb 1, 2024
m3t3kh4n Credited to m3t3kh4n
Hashicorp Vault may expose sensitive log information Moderate
CVE-2024-0831 was published for github.com/hashicorp/vault (Go) Feb 1, 2024
`goreleaser release --debug` shows secrets Moderate
CVE-2024-23840 was published for github.com/goreleaser/goreleaser (Go) Jan 30, 2024
andreaangiolillo Credited to andreaangiolillo and caarlos0 caarlos0 caarlos0
Insertion of Sensitive Information into Log File in OWASP DependencyCheck Moderate
CVE-2024-23686 was published for org.owasp:dependency-check-ant (Maven) Jan 20, 2024
r3kumar Credited to r3kumar
react-native-mmkv Insertion of Sensitive Information into Log File vulnerability Moderate
CVE-2024-21668 was published for react-native-mmkv (npm) Jan 9, 2024
maxammann Credited to maxammann
CubeFS leaks users key in logs Moderate
CVE-2023-46742 was published for github.com/cubefs/cubefs (Go) Jan 3, 2024
AdamKorcz Credited to AdamKorcz
nvdApiKey is logged in debug mode Low
GHSA-qqhq-8r2c-c3f5 was published for org.owasp:dependency-check-ant (Maven) Dec 15, 2023
hott-box Credited to hott-box
Elastic Beats inserts sensitive information into log file Moderate
CVE-2023-49922 was published for github.com/elastic/beats (Go) Dec 12, 2023
levinebw Credited to levinebw
Logging of the firestore key within nodejs-firestore Moderate
CVE-2023-6460 was published for @google-cloud/firestore (npm) Dec 4, 2023
abhishekwebcode Credited to abhishekwebcode
Insertion of Sensitive Information into Log Moderate
CVE-2023-48708 was published for codeigniter4/shield (Composer) Nov 23, 2023
Exposure of Sensitive Information in Elastic APM .NET Agent Low
CVE-2021-22143 was published for Elastic.Apm (NuGet) Nov 22, 2023
MarkLee131 Credited to MarkLee131
Headscale writes bearer tokens to info-level logs High
CVE-2023-47390 was published for github.com/juanfont/headscale (Go) Nov 11, 2023
SpiceDB leaks information in log files when URI cannot be parsed Moderate
CVE-2023-46255 was published for github.com/authzed/spicedb (Go) Oct 31, 2023
TimDiekmann Credited to TimDiekmann
Apache Airflow Celery provider Insertion of Sensitive Information into Log File vulnerability High
CVE-2023-46215 was published for apache-airflow (pip) Oct 28, 2023
Elasticsearch allows insertion of sensitive information into log files when using deprecated URIs Moderate
CVE-2023-31417 was published for org.elasticsearch:elasticsearch (Maven) Oct 26, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database