GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
95 advisories
Filter by severity
loguru vulnerable to improper privilege management
Moderate
CVE-2022-0338
was published
for
loguru
(pip)
Jan 26, 2022
Improper masking of credentials in Jenkins Pipeline Maven Integration Plugin
Moderate
CVE-2023-41934
was published
for
org.jenkins-ci.plugins:pipeline-maven
(Maven)
Sep 6, 2023
Ansible vulnerable to Insertion of Sensitive Information into Log File
Moderate
CVE-2024-8775
was published
for
ansible-core
(pip)
Sep 16, 2024
Ceilometer Prints Sensitive Configuration Data to Log
Moderate
CVE-2019-3830
was published
for
ceilometer
(pip)
May 13, 2022
Argo CD leaks repository credentials in user-facing error messages and in logs
Moderate
CVE-2023-25163
was published
for
github.com/argoproj/argo-cd/v2
(Go)
Feb 8, 2023
Sensitive Information Exposure Through Insecure Logging For Secrets Like Metadata.DockerBuildArgs
Moderate
GHSA-rjc6-vm4h-85cg
was published
for
aws-sam-cli
(pip)
Sep 11, 2024
AWS SageMaker Training Toolkit logs CodeArtifact Authorization token
Moderate
GHSA-635v-pc42-fr74
was published
for
sagemaker-training
(pip)
Sep 11, 2024
Ansible leaks sensitive information to logs when told not to
Moderate
CVE-2019-14858
was published
for
ansible
(pip)
May 24, 2022
Insertion of Sensitive Information into Log File in ansible
Moderate
CVE-2021-20191
was published
for
ansible
(pip)
Jun 1, 2021
Insertion of Sensitive Information into Log File, Invocation of Process Using Visible Sensitive Information, and Exposure of Sensitive Information to an Unauthorized Actor in Ansible
Moderate
CVE-2020-1753
was published
for
ansible
(pip)
Apr 7, 2021
Vault Leaks Client Token and Token Accessor in Audit Devices
Moderate
CVE-2024-8365
was published
for
github.com/hashicorp/vault
(Go)
Sep 2, 2024
Improper Output Neutralization and Improper Encoding or Escaping of Output for Logs in ansible
Moderate
CVE-2020-14330
was published
for
ansible
(pip)
Feb 9, 2022
Insertion of Sensitive Information into Log File and Improper Output Neutralization for Logs in ansible
Moderate
CVE-2020-14332
was published
for
ansible
(pip)
Feb 9, 2022
Insertion of Sensitive Information into Log File in ansible
Moderate
CVE-2021-20178
was published
for
ansible
(pip)
Jun 1, 2021
Inclusion of Sensitive Information in Log Files and Improper Output Neutralization for Logs in Ansible
Moderate
CVE-2019-14864
was published
for
ansible
(pip)
Feb 26, 2020
Ansible Logs Passwords If PowerShell ScriptBlock is Enabled
Moderate
CVE-2018-16859
was published
for
ansible
(pip)
May 14, 2022
Ansible exposes sensitive data in log files and on the terminal
Moderate
CVE-2018-10855
was published
for
ansible
(pip)
Oct 10, 2018
APM Server vulnerable to Insertion of Sensitive Information into Log File
Moderate
CVE-2024-37286
was published
for
github.com/elastic/apm-server
(Go)
Aug 3, 2024
APM Server vulnerable to Insertion of Sensitive Information into Log File
Moderate
CVE-2024-23448
was published
for
github.com/elastic/apm-server
(Go)
Feb 8, 2024
CubeFS leaks users key in logs
Moderate
CVE-2023-46742
was published
for
github.com/cubefs/cubefs
(Go)
Jan 3, 2024
Elasticsearch Insertion of Sensitive Information into Log File
Moderate
CVE-2023-49921
was published
for
org.elasticsearch:elasticsearch
(Maven)
Jul 26, 2024
Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files
Moderate
CVE-2024-41178
was published
for
object_store
(Rust)
Jul 23, 2024
ops leaking secrets if `subprocess.CalledProcessError` happens with a `secret-*` CLI command
Moderate
CVE-2024-41129
was published
for
ops
(pip)
Jul 22, 2024
Jberet: jberet-core logging database credentials
Moderate
CVE-2024-1102
was published
for
org.jberet:jberet-core
(Maven)
Apr 25, 2024
Bitbucket OAuth access token exposed in the build log by Bitbucket Branch Source Plugin
Moderate
CVE-2024-39460
was published
for
org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source
(Maven)
Jun 26, 2024
ProTip!
Advisories are also available from the
GraphQL API