GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
42 advisories
Debug mode leaks confidential data in Cilium (High)
CVE-2023-29002 was published for github.com/cilium/cilium (Go) on Apr 19, 2023

OpenShift Assisted Installer leaks image pull secrets as plaintext in installation logs (Moderate)
CVE-2021-3684 was published for github.com/openshift/assisted-installer (Go) on Mar 24, 2023

Argo CD leaks repository credentials in user-facing error messages and in logs (Moderate)
CVE-2023-25163 was published for github.com/argoproj/argo-cd/v2 (Go) on Feb 8, 2023

Credential disclosure in syft when SYFT_ATTEST_PASSWORD environment variable set (Moderate)
CVE-2023-24827 was published for github.com/anchore/syft (Go) on Feb 8, 2023

Kubernetes client-go vulnerable to Sensitive Information Leak via Log File (Moderate)
CVE-2020-8565 was published for k8s.io/client-go (Go) on Feb 6, 2023

Kubernetes Sensitive Information leak via Log File (Moderate)
CVE-2020-8564 was published for github.com/kubernetes/kubernetes (Go) on Feb 6, 2023

Traefik may display authorization header in the debug logs (Low)
CVE-2022-23469 was published for github.com/traefik/traefik/v2 (Go) on Dec 8, 2022

HashiCorp Consul Template could reveal Vault secret contents in error messages (High)
CVE-2022-38149 was published for github.com/hashicorp/consul-template (Go) on Aug 18, 2022

Weave GitOps leaked cluster credentials into logs on connection errors (Critical)
CVE-2022-31098 was published for github.com/weaveworks/weave-gitops (Go) on Jun 23, 2022

Heketi logs sensitive information (Moderate)
CVE-2020-10763 was published for github.com/heketi/heketi (Go) on May 24, 2022

Kubernetes client-go library logs may disclose credentials to unauthorized users (Moderate)
CVE-2019-11250 was published for k8s.io/client-go (Go) on May 24, 2022

Secret insertion into debug log in Docker (High)
CVE-2019-13509 was published for github.com/docker/docker (Go) on May 24, 2022

Insertion of Sensitive Information into Log File in Hashicorp go-getter (Moderate)
CVE-2022-29810 was published for github.com/hashicorp/go-getter (Go) on Apr 28, 2022

Helm OCI credentials leaked into Argo CD logs (Moderate)
GHSA-6w87-g839-9wv7 was published for github.com/argoproj/argo-cd (Go) on May 21, 2021

Information Exposure in jaeger (Moderate)
CVE-2020-10750 was published for github.com/jaegertracing/jaeger (Go) on May 18, 2021

Information Disclosure in go.elastic.co/apm (Low)
CVE-2021-22133 was published for go.elastic.co/apm (Go) on May 18, 2021

Information Disclosure in HashiCorp Vault (High)
CVE-2020-13223 was published for github.com/hashicorp/vault (Go) on May 18, 2021

ProTip! Advisories are also available from the GraphQL API.