GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
141 advisories
Filter by severity
GitHub personal access token leaking into temporary EasyBuild (debug) logs
Critical
CVE-2020-5262
was published
for
easybuild-framework
(pip)
Mar 19, 2020
Ansible vulnerable to Insertion of Sensitive Information into Log File
Moderate
CVE-2024-8775
was published
for
ansible-core
(pip)
Sep 16, 2024
django-anymail Includes Sensitive Information in Log Files
High
CVE-2018-1000089
was published
for
django-anymail
(pip)
May 14, 2022
Ceilometer Prints Sensitive Configuration Data to Log
Moderate
CVE-2019-3830
was published
for
ceilometer
(pip)
May 13, 2022
Argo CD leaks repository credentials in user-facing error messages and in logs
Moderate
CVE-2023-25163
was published
for
github.com/argoproj/argo-cd/v2
(Go)
Feb 8, 2023
Sensitive Information Exposure Through Insecure Logging For Secrets Like Metadata.DockerBuildArgs
Moderate
GHSA-rjc6-vm4h-85cg
was published
for
aws-sam-cli
(pip)
Sep 11, 2024
AWS SageMaker Training Toolkit logs CodeArtifact Authorization token
Moderate
GHSA-635v-pc42-fr74
was published
for
sagemaker-training
(pip)
Sep 11, 2024
Ansible leaks sensitive information to logs when told not to
Moderate
CVE-2019-14858
was published
for
ansible
(pip)
May 24, 2022
Insertion of Sensitive Information into Log File in ansible
Moderate
CVE-2021-20191
was published
for
ansible
(pip)
Jun 1, 2021
Insertion of Sensitive Information into Log File, Invocation of Process Using Visible Sensitive Information, and Exposure of Sensitive Information to an Unauthorized Actor in Ansible
Moderate
CVE-2020-1753
was published
for
ansible
(pip)
Apr 7, 2021
Ansible Uses Plugins That Disclose Credentials
High
CVE-2019-14846
was published
for
ansible
(pip)
May 24, 2022
Vault Leaks Client Token and Token Accessor in Audit Devices
Moderate
CVE-2024-8365
was published
for
github.com/hashicorp/vault
(Go)
Sep 2, 2024
Improper Output Neutralization and Improper Encoding or Escaping of Output for Logs in ansible
Moderate
CVE-2020-14330
was published
for
ansible
(pip)
Feb 9, 2022
Insertion of Sensitive Information into Log File and Improper Output Neutralization for Logs in ansible
Moderate
CVE-2020-14332
was published
for
ansible
(pip)
Feb 9, 2022
Insertion of Sensitive Information into Log File in ansible
Moderate
CVE-2021-20178
was published
for
ansible
(pip)
Jun 1, 2021
Inclusion of Sensitive Information in Log Files and Improper Output Neutralization for Logs in Ansible
Moderate
CVE-2019-14864
was published
for
ansible
(pip)
Feb 26, 2020
Ansible Insertion of Sensitive Information into Log File vulnerability
Critical
CVE-2017-7550
was published
for
ansible
(pip)
May 13, 2022
Ansible Logs Passwords If PowerShell ScriptBlock is Enabled
Moderate
CVE-2018-16859
was published
for
ansible
(pip)
May 14, 2022
Ansible exposes sensitive data in log files and on the terminal
Moderate
CVE-2018-10855
was published
for
ansible
(pip)
Oct 10, 2018
APM Server vulnerable to Insertion of Sensitive Information into Log File
Moderate
CVE-2024-37286
was published
for
github.com/elastic/apm-server
(Go)
Aug 3, 2024
Rancher 'Audit Log' leaks sensitive information
High
CVE-2023-22649
was published
for
github.com/rancher/rancher
(Go)
Feb 8, 2024
APM Server vulnerable to Insertion of Sensitive Information into Log File
Moderate
CVE-2024-23448
was published
for
github.com/elastic/apm-server
(Go)
Feb 8, 2024
CubeFS leaks users key in logs
Moderate
CVE-2023-46742
was published
for
github.com/cubefs/cubefs
(Go)
Jan 3, 2024
Steeltoe Leaks Basic Auth Credentials to Logs After Fetch Registry Error
Low
CVE-2024-40636
was published
for
Steeltoe.Discovery.ClientAutofac
(NuGet)
Jul 17, 2024
Elasticsearch Insertion of Sensitive Information into Log File
Moderate
CVE-2023-49921
was published
for
org.elasticsearch:elasticsearch
(Maven)
Jul 26, 2024
ProTip!
Advisories are also available from the
GraphQL API