Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

28 advisories

Loading
Vault Leaks Client Token and Token Accessor in Audit Devices Moderate
CVE-2024-8365 was published for github.com/hashicorp/vault (Go) Sep 2, 2024
APM Server vulnerable to Insertion of Sensitive Information into Log File Moderate
CVE-2024-37286 was published for github.com/elastic/apm-server (Go) Aug 3, 2024
go-retryablehttp can leak basic auth credentials to log files Moderate
CVE-2024-6104 was published for github.com/hashicorp/go-retryablehttp (Go) Jun 24, 2024
goreleaser shows environment by default Moderate
GHSA-f6mm-5fc7-3g3c was published for github.com/goreleaser/goreleaser (Go) May 15, 2024
xrstf xmudrii
caarlos0
source-controller leaks Azure Storage SAS token into logs Moderate
CVE-2024-31216 was published for github.com/fluxcd/source-controller (Go) May 15, 2024
azure-file-csi-driver leaks service account tokens in the logs Moderate
CVE-2024-3744 was published for sigs.k8s.io/azurefile-csi-driver (Go) May 15, 2024
Sensitive Information leak via Log File in Kubernetes Moderate
CVE-2020-8563 was published for github.com/kubernetes/kubernetes (Go) Apr 24, 2024
Sensitive Information leak via Log File in Kubernetes Moderate
CVE-2020-8566 was published for github.com/kubernetes/kubernetes (Go) Apr 24, 2024
Apache Solr Operator liveness and readiness probes may leak basic auth credentials Moderate
CVE-2024-31391 was published for github.com/apache/solr-operator (Go) Apr 12, 2024
Hashicorp Vault may expose sensitive log information Moderate
CVE-2024-0831 was published for github.com/hashicorp/vault (Go) Feb 1, 2024
`goreleaser release --debug` shows secrets Moderate
CVE-2024-23840 was published for github.com/goreleaser/goreleaser (Go) Jan 30, 2024
andreaangiolillo caarlos0
CubeFS leaks users key in logs Moderate
CVE-2023-46742 was published for github.com/cubefs/cubefs (Go) Jan 3, 2024
AdamKorcz
Elastic Beats inserts sensitive information into log file Moderate
CVE-2023-49922 was published for github.com/elastic/beats (Go) Dec 12, 2023
levinebw
SpiceDB leaks information in log files when URI cannot be parsed Moderate
CVE-2023-46255 was published for github.com/authzed/spicedb (Go) Oct 31, 2023
TimDiekmann
ydb-go-sdk token in custom credentials object can leak through logs Moderate
CVE-2023-45825 was published for github.com/ydb-platform/ydb-go-sdk/v3 (Go) Oct 19, 2023
sumerki2020 se-foster
blinkov
Improper log output when using GitHub Status Notifications in spinnaker Moderate
CVE-2023-39348 was published for github.com/spinnaker/spinnaker (Go) Aug 29, 2023
Mattermost fails to sanitize post metadata Moderate
CVE-2023-4108 was published for github.com/mattermost/mattermost-server/v6 (Go) Aug 11, 2023
secrets-store-csi-driver discloses service account tokens in logs Moderate
CVE-2023-2878 was published for sigs.k8s.io/secrets-store-csi-driver (Go) May 26, 2023
tshaiman
OpenShift Assisted Installer leaks image pull secrets as plaintext in installation logs Moderate
CVE-2021-3684 was published for github.com/openshift/assisted-installer (Go) Mar 24, 2023
Argo CD leaks repository credentials in user-facing error messages and in logs Moderate
CVE-2023-25163 was published for github.com/argoproj/argo-cd/v2 (Go) Feb 8, 2023
andrewpollock
Credential disclosure in syft when SYFT_ATTEST_PASSWORD environment variable set Moderate
CVE-2023-24827 was published for github.com/anchore/syft (Go) Feb 8, 2023
wagoodman
Kubernetes client-go vulnerable to Sensitive Information Leak via Log File Moderate
CVE-2020-8565 was published for k8s.io/client-go (Go) Feb 6, 2023
Kubernetes Sensitive Information leak via Log File Moderate
CVE-2020-8564 was published for github.com/kubernetes/kubernetes (Go) Feb 6, 2023
Heketi logs sensitive information Moderate
CVE-2020-10763 was published for github.com/heketi/heketi (Go) May 24, 2022
Kubernetes client-go library logs may disclose credentials to unauthorized users Moderate
CVE-2019-11250 was published for k8s.io/client-go (Go) May 24, 2022
ProTip! Advisories are also available from the GraphQL API