GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
94 advisories
Filter by severity
Improper permissions handling in MediaWiki AbuseFilter
Moderate
CVE-2024-47913
was published
for
mediawiki/abuse-filter
(Composer)
Oct 5, 2024
Quarkus CXF logs passwords and other secrets
Moderate
CVE-2024-9621
was published
for
io.quarkiverse.cxf:quarkus-cxf
(Maven)
Oct 8, 2024
OpenStack Glance sensitive information disclosure via logs
Moderate
CVE-2014-1948
was published
for
glance
(pip)
May 17, 2022
Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged
Moderate
CVE-2023-50740
was published
for
org.apache.linkis:linkis
(Maven)
Mar 6, 2024
Logging of the firestore key within nodejs-firestore
Moderate
CVE-2023-6460
was published
for
@google-cloud/firestore
(npm)
Dec 4, 2023
Apache Solr Operator liveness and readiness probes may leak basic auth credentials
Moderate
CVE-2024-31391
was published
for
github.com/apache/solr-operator
(Go)
Apr 12, 2024
The Snowflake Connector for Python stores sensitive data in logs
Moderate
CVE-2024-49750
was published
for
snowflake-connector-python
(pip)
Oct 24, 2024
Jberet: jberet-core logging database credentials
Moderate
CVE-2024-1102
was published
for
org.jberet:jberet-core
(Maven)
Apr 25, 2024
python-oslo-utils has improper password parsing
Moderate
CVE-2022-0718
was published
for
oslo-utils
(pip)
Aug 29, 2022
loguru vulnerable to improper privilege management
Moderate
CVE-2022-0338
was published
for
loguru
(pip)
Jan 26, 2022
Improper masking of credentials in Jenkins Pipeline Maven Integration Plugin
Moderate
CVE-2023-41934
was published
for
org.jenkins-ci.plugins:pipeline-maven
(Maven)
Sep 6, 2023
Ceilometer Prints Sensitive Configuration Data to Log
Moderate
CVE-2019-3830
was published
for
ceilometer
(pip)
May 13, 2022
Argo CD leaks repository credentials in user-facing error messages and in logs
Moderate
CVE-2023-25163
was published
for
github.com/argoproj/argo-cd/v2
(Go)
Feb 8, 2023
Sensitive Information Exposure Through Insecure Logging For Secrets Like Metadata.DockerBuildArgs
Moderate
GHSA-rjc6-vm4h-85cg
was published
for
aws-sam-cli
(pip)
Sep 11, 2024
AWS SageMaker Training Toolkit logs CodeArtifact Authorization token
Moderate
GHSA-635v-pc42-fr74
was published
for
sagemaker-training
(pip)
Sep 11, 2024
Ansible leaks sensitive information to logs when told not to
Moderate
CVE-2019-14858
was published
for
ansible
(pip)
May 24, 2022
Insertion of Sensitive Information into Log File in ansible
Moderate
CVE-2021-20191
was published
for
ansible
(pip)
Jun 1, 2021
Insertion of Sensitive Information into Log File, Invocation of Process Using Visible Sensitive Information, and Exposure of Sensitive Information to an Unauthorized Actor in Ansible
Moderate
CVE-2020-1753
was published
for
ansible
(pip)
Apr 7, 2021
Vault Leaks Client Token and Token Accessor in Audit Devices
Moderate
CVE-2024-8365
was published
for
github.com/hashicorp/vault
(Go)
Sep 2, 2024
Improper Output Neutralization and Improper Encoding or Escaping of Output for Logs in ansible
Moderate
CVE-2020-14330
was published
for
ansible
(pip)
Feb 9, 2022
Insertion of Sensitive Information into Log File and Improper Output Neutralization for Logs in ansible
Moderate
CVE-2020-14332
was published
for
ansible
(pip)
Feb 9, 2022
Inclusion of Sensitive Information in Log Files and Improper Output Neutralization for Logs in Ansible
Moderate
CVE-2019-14864
was published
for
ansible
(pip)
Feb 26, 2020
Ansible Logs Passwords If PowerShell ScriptBlock is Enabled
Moderate
CVE-2018-16859
was published
for
ansible
(pip)
May 14, 2022
APM Server vulnerable to Insertion of Sensitive Information into Log File
Moderate
CVE-2024-37286
was published
for
github.com/elastic/apm-server
(Go)
Aug 3, 2024
CubeFS leaks users key in logs
Moderate
CVE-2023-46742
was published
for
github.com/cubefs/cubefs
(Go)
Jan 3, 2024
ProTip!
Advisories are also available from the
GraphQL API