Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

96 advisories

Loading
Potential unauthorized access to stored request & session data when plugin is misconfigured in October CMS Debugbar Moderate
CVE-2020-11094 was published for rainlab/debugbar-plugin (Composer) Jun 3, 2020
vogon101
Helm OCI credentials leaked into Argo CD logs Moderate
GHSA-6w87-g839-9wv7 was published for github.com/argoproj/argo-cd (Go) May 21, 2021
Insertion of Sensitive Information into Log File in ansible Moderate
CVE-2021-20180 was published for ansible (pip) Mar 17, 2022
KamilaBorowska
Insertion of Sensitive Information into Log File in Elasticsearch Moderate
CVE-2020-7021 was published for org.elasticsearch:elasticsearch (Maven) May 24, 2022
Insertion of Sensitive Information into Log File in Jenkins Mask Passwords Plugin Moderate
CVE-2019-10370 was published for org.jenkins-ci.plugins:mask-passwords (Maven) May 24, 2022
Exposure of Sensitive Information in Gradle publish plugin Moderate
CVE-2020-7599 was published for com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin (Maven) May 24, 2022
npm CLI exposing sensitive information through logs Moderate
CVE-2020-15095 was published for npm (npm) Jul 7, 2020
Insecure direct object reference of log files of the Import/Export feature Moderate
CVE-2021-37709 was published for shopware/core (Composer) Aug 30, 2021
Insertion of Sensitive Information into Log File in Hashicorp go-getter Moderate
CVE-2022-29810 was published for github.com/hashicorp/go-getter (Go) Apr 28, 2022
jhutchings1
Credential disclosure in syft when SYFT_ATTEST_PASSWORD environment variable set Moderate
CVE-2023-24827 was published for github.com/anchore/syft (Go) Feb 8, 2023
wagoodman
OpenNMS has potential Insertion of Sensitive Information into Log File vulnerability Moderate
CVE-2023-0815 was published for org.opennms:opennms (Maven) Feb 23, 2023
directus vulnerable to Insertion of Sensitive Information into Log File Moderate
CVE-2023-28443 was published for directus (npm) Mar 23, 2023
JohnHillegass
Spring Vault vulnerable to insertion of sensitive information into a log file Moderate
CVE-2023-20859 was published for org.springframework.vault:spring-vault-core (Maven) Mar 23, 2023
OpenShift Assisted Installer leaks image pull secrets as plaintext in installation logs Moderate
CVE-2021-3684 was published for github.com/openshift/assisted-installer (Go) Mar 24, 2023
Veracode Scan Jenkins Plugin vulnerable to information disclosure Moderate
CVE-2023-25721 was published for com.veracode.jenkins:veracode-scan (Maven) Mar 28, 2023
@mittwald/kubernetes's secret contents leaked via debug logging Moderate
GHSA-g35x-j6jj-8g7j was published for @mittwald/kubernetes (npm) May 2, 2023
Wildfly logs plaintext passwords Moderate
CVE-2020-25640 was published for org.wildfly:wildfly-parent (Maven) Feb 15, 2022
Moodle sensitive information disclosure Moderate
CVE-2018-10889 was published for moodle/moodle (Composer) May 13, 2022
Insertion of Sensitive Information into Log File in typo3/cms-core Moderate
CVE-2022-31047 was published for typo3/cms (Composer) Jun 17, 2022
mhuber84 derhansen
Azure SDK for .NET Information Disclosure Vulnerability. Moderate
CVE-2022-26907 was published for Microsoft.Rest.ClientRuntime (NuGet) Apr 16, 2022
ovirt-engine Logs Plaintext Passwords To File Moderate
CVE-2017-15113 was published for org.ovirt.engine.sdk:ovirt-engine-sdk-java (Maven) May 13, 2022 withdrawn
Information Exposure in jaeger Moderate
CVE-2020-10750 was published for github.com/jaegertracing/jaeger (Go) May 18, 2021
Apache NiFi Insertion of Sensitive Information into Log File Moderate
CVE-2020-1928 was published for org.apache.nifi:nifi-parameter (Maven) Jan 6, 2022
Jenkins Amazon EC2 Plugin leaked beginning of private key in system log Moderate
CVE-2019-10364 was published for org.jenkins-ci.plugins:ec2 (Maven) May 24, 2022
SpiceDB leaks information in log files when URI cannot be parsed Moderate
CVE-2023-46255 was published for github.com/authzed/spicedb (Go) Oct 31, 2023
TimDiekmann
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database