Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

147 advisories

Loading
Git credentials are exposed in Atlantis logs High
CVE-2024-52009 was published for github.com/runatlantis/atlantis (Go) Nov 8, 2024
niooss-ledger
@workos-inc/authkit-remix refresh tokens are logged when the debug flag is enabled Low
CVE-2024-51753 was published for @workos-inc/authkit-remix (npm) Nov 5, 2024
@workos-inc/authkit-nextjs refresh tokens are logged when the debug flag is enabled Low
CVE-2024-51752 was published for @workos-inc/authkit-nextjs (npm) Nov 5, 2024
The Snowflake Connector for Python stores sensitive data in logs Moderate
CVE-2024-49750 was published for snowflake-connector-python (pip) Oct 24, 2024
Quarkus CXF logs passwords and other secrets Moderate
CVE-2024-9621 was published for io.quarkiverse.cxf:quarkus-cxf (Maven) Oct 8, 2024
Ansible vulnerable to Insertion of Sensitive Information into Log File Moderate
CVE-2024-8775 was published for ansible-core (pip) Sep 16, 2024
Sensitive Information Exposure Through Insecure Logging For Secrets Like Metadata.DockerBuildArgs Moderate
GHSA-rjc6-vm4h-85cg was published for aws-sam-cli (pip) Sep 11, 2024
AWS SageMaker Training Toolkit logs CodeArtifact Authorization token Moderate
GHSA-635v-pc42-fr74 was published for sagemaker-training (pip) Sep 11, 2024
Vault Leaks Client Token and Token Accessor in Audit Devices Moderate
CVE-2024-8365 was published for github.com/hashicorp/vault (Go) Sep 2, 2024
APM Server vulnerable to Insertion of Sensitive Information into Log File Moderate
CVE-2024-37286 was published for github.com/elastic/apm-server (Go) Aug 3, 2024
Elasticsearch Insertion of Sensitive Information into Log File Moderate
CVE-2023-49921 was published for org.elasticsearch:elasticsearch (Maven) Jul 26, 2024
Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files Moderate
CVE-2024-41178 was published for object_store (Rust) Jul 23, 2024
oscerd
ops leaking secrets if `subprocess.CalledProcessError` happens with a `secret-*` CLI command Moderate
CVE-2024-41129 was published for ops (pip) Jul 22, 2024
phvalguima
Steeltoe Leaks Basic Auth Credentials to Logs After Fetch Registry Error Low
CVE-2024-40636 was published for Steeltoe.Discovery.ClientAutofac (NuGet) Jul 17, 2024
Bitbucket OAuth access token exposed in the build log by Bitbucket Branch Source Plugin Moderate
CVE-2024-39460 was published for org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (Maven) Jun 26, 2024
go-retryablehttp can leak basic auth credentials to log files Moderate
CVE-2024-6104 was published for github.com/hashicorp/go-retryablehttp (Go) Jun 24, 2024
SonarQube logs sensitive information Moderate
CVE-2024-38460 was published for org.sonarsource.sonarqube:sonar-web (Maven) Jun 16, 2024
apko Exposure of HTTP basic auth credentials in log output High
CVE-2024-36127 was published for chainguard.dev/apko (Go) Jun 4, 2024
kolloch
Slack integration leaks sensitive information in logs Low
CVE-2024-35196 was published for sentry (pip) Jun 2, 2024
asottile asottile-sentry
Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability Low
CVE-2024-34715 was published for ethyca-fides (pip) May 29, 2024
tariqajyusuf pattisdr
goreleaser shows environment by default Moderate
GHSA-f6mm-5fc7-3g3c was published for github.com/goreleaser/goreleaser (Go) May 15, 2024
xrstf xmudrii
caarlos0
source-controller leaks Azure Storage SAS token into logs Moderate
CVE-2024-31216 was published for github.com/fluxcd/source-controller (Go) May 15, 2024
azure-file-csi-driver leaks service account tokens in the logs Moderate
CVE-2024-3744 was published for sigs.k8s.io/azurefile-csi-driver (Go) May 15, 2024
@valtimo/components exposes access token to form.io Critical
CVE-2024-34706 was published for @valtimo/components (npm) May 13, 2024
matrix-sdk-crypto contains a log exposure of private key of the server-side key backup Moderate
CVE-2024-34353 was published for matrix-sdk-crypto (Rust) May 13, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database