Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,313
Erlang
31
GitHub Actions
21
Go
2,072
Maven
5,000+
npm
3,744
NuGet
669
pip
3,433
Pub
12
RubyGems
892
Rust
880
Swift
37
Unreviewed advisories
All unreviewed
5,000+

94 advisories

Loading
OpenNMS has potential Insertion of Sensitive Information into Log File vulnerability Moderate
CVE-2023-0815 was published for org.opennms:opennms (Maven) Feb 23, 2023
Argo CD leaks repository credentials in user-facing error messages and in logs Moderate
CVE-2023-25163 was published for github.com/argoproj/argo-cd/v2 (Go) Feb 8, 2023
andrewpollock
Credential disclosure in syft when SYFT_ATTEST_PASSWORD environment variable set Moderate
CVE-2023-24827 was published for github.com/anchore/syft (Go) Feb 8, 2023
wagoodman
Kubernetes client-go vulnerable to Sensitive Information Leak via Log File Moderate
CVE-2020-8565 was published for k8s.io/client-go (Go) Feb 6, 2023
Kubernetes Sensitive Information leak via Log File Moderate
CVE-2020-8564 was published for github.com/kubernetes/kubernetes (Go) Feb 6, 2023
python-oslo-utils has improper password parsing Moderate
CVE-2022-0718 was published for oslo-utils (pip) Aug 29, 2022
Insertion of Sensitive Information into Log File in typo3/cms-core Moderate
CVE-2022-31047 was published for typo3/cms (Composer) Jun 17, 2022
mhuber84 derhansen
Insertion of Sensitive Information into Log File in Elasticsearch Moderate
CVE-2020-7021 was published for org.elasticsearch:elasticsearch (Maven) May 24, 2022
Heketi logs sensitive information Moderate
CVE-2020-10763 was published for github.com/heketi/heketi (Go) May 24, 2022
Keycloak leaks sensitive information in logged exceptions Moderate
CVE-2020-1698 was published for org.keycloak:keycloak-core (Maven) May 24, 2022
Exposure of Sensitive Information in Gradle publish plugin Moderate
CVE-2020-7599 was published for com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin (Maven) May 24, 2022
Ansible leaks sensitive information to logs when told not to Moderate
CVE-2019-14858 was published for ansible (pip) May 24, 2022
Kubernetes client-go library logs may disclose credentials to unauthorized users Moderate
CVE-2019-11250 was published for k8s.io/client-go (Go) May 24, 2022
Insertion of Sensitive Information into Log File in Jenkins Mask Passwords Plugin Moderate
CVE-2019-10370 was published for org.jenkins-ci.plugins:mask-passwords (Maven) May 24, 2022
Insertion of Sensitive Information into Log File in Jenkins Configuration as Code Plugin Moderate
CVE-2019-10367 was published for io.jenkins:configuration-as-code (Maven) May 24, 2022
Jenkins Amazon EC2 Plugin leaked beginning of private key in system log Moderate
CVE-2019-10364 was published for org.jenkins-ci.plugins:ec2 (Maven) May 24, 2022
Insertion of Sensitive Information into Log File in Jenkins Configuration as Code Plugin Moderate
CVE-2019-10343 was published for io.jenkins:configuration-as-code (Maven) May 24, 2022
Maven Integration Plugin did not mask sensitive values in module build logs Moderate
CVE-2019-10358 was published for org.jenkins-ci.main:maven-plugin (Maven) May 24, 2022
Plaintext Storage of a Password in Jenkins Configuration as Code Plugin Moderate
CVE-2019-10345 was published for io.jenkins:configuration-as-code (Maven) May 24, 2022
OpenStack Glance sensitive information disclosure via logs Moderate
CVE-2014-1948 was published for glance (pip) May 17, 2022
Insertion of Sensitive Information into Log File in Apache Tomcat Moderate
CVE-2011-2204 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Ansible Logs Passwords If PowerShell ScriptBlock is Enabled Moderate
CVE-2018-16859 was published for ansible (pip) May 14, 2022
ovirt-engine Logs Plaintext Passwords To File Moderate
CVE-2017-15113 was published for org.ovirt.engine.sdk:ovirt-engine-sdk-java (Maven) May 13, 2022 withdrawn
Moodle sensitive information disclosure Moderate
CVE-2018-10889 was published for moodle/moodle (Composer) May 13, 2022
Mediawiki information disclosure vulnerability Moderate
CVE-2018-0504 was published for mediawiki/core (Composer) May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database