GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
28 advisories
Filter by severity
Information Exposure in cordova-android
High
CVE-2016-6799
was published
for
cordova-android
(npm)
Sep 11, 2020
Insertion of Sensitive Information into Log File in Jupyter notebook
High
CVE-2022-24757
was published
for
jupyter-server
(pip)
Mar 25, 2022
Sensitive Auth & Cookie data stored in Jupyter server logs
High
CVE-2022-24758
was published
for
notebook
(pip)
Apr 5, 2022
Information Exposure in Snyk Broker
High
CVE-2020-7654
was published
for
snyk-broker
(npm)
Jun 3, 2020
Sensitive information disclosure via log in com.bmuschko:gradle-vagrant-plugin
High
CVE-2021-21361
was published
for
com.bmuschko:gradle-vagrant-plugin
(Maven)
Mar 9, 2021
Insertion of Sensitive Information into Log File in Apache Geode
High
CVE-2021-34797
was published
for
org.apache.geode:geode-core
(Maven)
Jan 6, 2022
Insertion of Sensitive Information into Log File in Apache NiFi
High
CVE-2020-1942
was published
for
org.apache.nifi:nifi-framework-core
(Maven)
Jan 6, 2022
Secret insertion into debug log in Docker
High
CVE-2019-13509
was published
for
github.com/docker/docker
(Go)
May 24, 2022
Moodle backs up private files
High
CVE-2012-1156
was published
for
moodle/moodle
(Composer)
Apr 23, 2022
Insertion of Sensitive Information into Log File in Apache NiFi Stateless
High
CVE-2020-9486
was published
for
org.apache.nifi:nifi-stateless
(Maven)
Jan 6, 2022
Information Disclosure in HashiCorp Vault
High
CVE-2020-13223
was published
for
github.com/hashicorp/vault
(Go)
May 18, 2021
Weave GitOps Terraform Controller Information Disclosure Vulnerability
High
CVE-2023-34236
was published
for
github.com/weaveworks/tf-controller
(Go)
Jul 14, 2023
Apache Airflow Celery provider Insertion of Sensitive Information into Log File vulnerability
High
CVE-2023-46215
was published
for
apache-airflow
(pip)
Oct 28, 2023
Debug mode leaks confidential data in Cilium
High
CVE-2023-29002
was published
for
github.com/cilium/cilium
(Go)
Apr 19, 2023
Headscale writes bearer tokens to info-level logs
High
CVE-2023-47390
was published
for
github.com/juanfont/headscale
(Go)
Nov 11, 2023
Vault GitHub Action did not correctly mask multi-line secrets in output
High
CVE-2021-32074
was published
for
hashicorp/vault-action
(GitHub Actions)
May 24, 2022
Insecure Variable Substitution in Vela
High
CVE-2024-28236
was published
for
github.com/go-vela/worker
(Go)
Mar 14, 2024
HashiCorp Consul Template could reveal Vault secret contents in error messages
High
CVE-2022-38149
was published
for
github.com/hashicorp/consul-template
(Go)
Aug 18, 2022
apko Exposure of HTTP basic auth credentials in log output
High
CVE-2024-36127
was published
for
chainguard.dev/apko
(Go)
Jun 4, 2024
Ansible Uses Plugins That Disclose Credentials
High
CVE-2019-14846
was published
for
ansible
(pip)
May 24, 2022
oslo.middleware Information Disclosure vulnerability
High
CVE-2017-2592
was published
for
oslo-middleware
(pip)
Jul 13, 2018
Openstack Octavia allows Insertion of Sensitive Information into Log File
High
CVE-2018-16856
was published
for
octavia
(pip)
May 13, 2022
Rancher 'Audit Log' leaks sensitive information
High
CVE-2023-22649
was published
for
github.com/rancher/rancher
(Go)
Feb 8, 2024
Ansible exposes sensitive data in log files and on the terminal
High
CVE-2018-10855
was published
for
ansible
(pip)
Oct 10, 2018
Insertion of Sensitive Information into Log File in ansible
High
CVE-2021-20178
was published
for
ansible
(pip)
Jun 1, 2021
ProTip!
Advisories are also available from the
GraphQL API