Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

10 advisories

Loading
Weave GitOps leaked cluster credentials into logs on connection errors Critical
CVE-2022-31098 was published for github.com/weaveworks/weave-gitops (Go) Jun 23, 2022
stefanprodan
check-spelling workflow vulnerable to token leakage via symlink attack Critical
CVE-2021-32724 was published for check-spelling/check-spelling (GitHub Actions) Jul 29, 2022
justinsteven
Credential exposure through log files in Undertow Critical
CVE-2019-3888 was published for io.undertow:undertow-core (Maven) Jun 13, 2019
Potential to access user credentials from the log files when debug logging enabled Critical
CVE-2019-10212 was published for io.undertow:undertow-core (Maven) Nov 20, 2019
Argo CD cluster secret might leak in cluster details page Critical
CVE-2023-40029 was published for github.com/argoproj/argo-cd/v2 (Go) Sep 11, 2023
alexmt
@valtimo/components exposes access token to form.io Critical
CVE-2024-34706 was published for @valtimo/components (npm) May 13, 2024
OpenStack Nova logs sensitive context from notification exceptions Critical
CVE-2017-7214 was published for nova (pip) May 14, 2022
Ansible Insertion of Sensitive Information into Log File vulnerability Critical
CVE-2017-7550 was published for ansible (pip) May 13, 2022
GitHub personal access token leaking into temporary EasyBuild (debug) logs Critical
CVE-2020-5262 was published for easybuild-framework (pip) Mar 19, 2020
zao boegel
django-anymail Includes Sensitive Information in Log Files Critical
CVE-2018-1000089 was published for django-anymail (pip) May 14, 2022
westonsteimel
ProTip! Advisories are also available from the GraphQL API