GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
751 advisories
Filter by severity
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p7, <2...
Low
Unreviewed
CVE-2024-28830
was published
Jun 26, 2024
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a...
Low
Unreviewed
CVE-2024-29177
was published
Jun 26, 2024
An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with...
Unknown
Unreviewed
CVE-2024-6060
was published
Jun 26, 2024
A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b...
Moderate
Unreviewed
CVE-2024-29954
was published
Jun 26, 2024
go-retryablehttp can leak basic auth credentials to log files
Moderate
CVE-2024-6104
was published
for
github.com/hashicorp/go-retryablehttp
(Go)
Jun 24, 2024
Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing...
Moderate
Unreviewed
CVE-2022-44587
was published
Jun 21, 2024
SonarQube logs sensitive information
Moderate
CVE-2024-38460
was published
for
org.sonarsource.sonarqube:sonar-web
(Maven)
Jun 16, 2024
The session cookies, used for authentication, are stored in clear-text logs. An attacker can...
Moderate
Unreviewed
CVE-2024-27156
was published
Jun 14, 2024
The sessions are stored in clear-text logs. An attacker can retrieve authentication sessions. A...
Moderate
Unreviewed
CVE-2024-27157
was published
Jun 14, 2024
Passwords are stored in clear-text logs. An attacker can retrieve passwords. As for the affected...
Moderate
Unreviewed
CVE-2024-27154
was published
Jun 14, 2024
A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user...
Moderate
Unreviewed
CVE-2024-5908
was published
Jun 12, 2024
CWE-532: Insertion of Sensitive Information into Log File vulnerability exists that could cause...
Moderate
Unreviewed
CVE-2024-5557
was published
Jun 12, 2024
Insertion of Sensitive Information into Log File vulnerability in Octolize USPS Shipping for...
Moderate
Unreviewed
CVE-2024-32811
was published
Jun 9, 2024
Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C...
High
Unreviewed
CVE-2024-0912
was published
Jun 6, 2024
Insertion of Sensitive Information into Log File vulnerability in Code Parrots Easy Forms for...
High
Unreviewed
CVE-2024-25095
was published
Jun 4, 2024
apko Exposure of HTTP basic auth credentials in log output
High
CVE-2024-36127
was published
for
chainguard.dev/apko
(Go)
Jun 4, 2024
Insertion of Sensitive Information into Log File vulnerability in Lukman Nakib Debug Log – Manger...
Moderate
Unreviewed
CVE-2024-34798
was published
Jun 3, 2024
Slack integration leaks sensitive information in logs
Low
CVE-2024-35196
was published
for
sentry
(pip)
Jun 2, 2024
Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability
Low
CVE-2024-34715
was published
for
ethyca-fides
(pip)
May 29, 2024
goreleaser shows environment by default
Moderate
GHSA-f6mm-5fc7-3g3c
was published
for
github.com/goreleaser/goreleaser
(Go)
May 15, 2024
source-controller leaks Azure Storage SAS token into logs
Moderate
CVE-2024-31216
was published
for
github.com/fluxcd/source-controller
(Go)
May 15, 2024
azure-file-csi-driver leaks service account tokens in the logs
Moderate
CVE-2024-3744
was published
for
sigs.k8s.io/azurefile-csi-driver
(Go)
May 15, 2024
Insertion of Sensitive Information into Log File vulnerability in Ghost Foundation Ghost.This...
High
Unreviewed
CVE-2024-34559
was published
May 14, 2024
Insertion of Sensitive Information into Log File vulnerability in AlexaCRM Dynamics 365...
Moderate
Unreviewed
CVE-2024-34550
was published
May 14, 2024
@valtimo/components exposes access token to form.io
Critical
CVE-2024-34706
was published
for
@valtimo/components
(npm)
May 13, 2024
ProTip!
Advisories are also available from the
GraphQL API