GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,035
Maven
5,000+
npm
3,732
NuGet
662
pip
3,413
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
44 advisories
Filter by severity
Weave GitOps leaked cluster credentials into logs on connection errors
Critical
CVE-2022-31098
was published
for
github.com/weaveworks/weave-gitops
(Go)
Jun 23, 2022
On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "Switch Info" log...
Critical
Unreviewed
CVE-2017-8075
was published
May 17, 2022
On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "SEND data" log...
Critical
Unreviewed
CVE-2017-8074
was published
May 17, 2022
Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may...
Critical
Unreviewed
CVE-2016-8233
was published
May 17, 2022
check-spelling workflow vulnerable to token leakage via symlink attack
Critical
CVE-2021-32724
was published
for
check-spelling/check-spelling
(GitHub Actions)
Jul 29, 2022
API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in...
Critical
Unreviewed
CVE-2019-4008
was published
May 13, 2022
A Session ID leak in the audit log in Graylog before 4.1.2 allows attackers to escalate...
Critical
Unreviewed
CVE-2021-37760
was published
May 24, 2022
A Session ID leak in the DEBUG log file in Graylog before 4.1.2 allows attackers to escalate...
Critical
Unreviewed
CVE-2021-37759
was published
May 24, 2022
A flaw was found in noobaa-operator in versions before 5.7.0, where internal RPC AuthTokens...
Critical
Unreviewed
CVE-2021-3528
was published
May 24, 2022
Credential exposure through log files in Undertow
Critical
CVE-2019-3888
was published
for
io.undertow:undertow-core
(Maven)
Jun 13, 2019
Potential to access user credentials from the log files when debug logging enabled
Critical
CVE-2019-10212
was published
for
io.undertow:undertow-core
(Maven)
Nov 20, 2019
A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1...
Critical
Unreviewed
CVE-2019-7612
was published
May 13, 2022
Cloud Foundry Log Cache, versions prior to 1.1.1, logs its UAA client secret on startup as part...
Critical
Unreviewed
CVE-2018-1264
was published
May 13, 2022
ovirt-engine before version ovirt 4.2.2 is vulnerable to an information exposure through log...
Critical
Unreviewed
CVE-2018-1072
was published
May 13, 2022
Circontrol CirCarLife all versions prior to 4.3.1, the PAP credentials of the device are stored...
Critical
Unreviewed
CVE-2018-17922
was published
May 13, 2022
The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS logs containing the driver...
Critical
Unreviewed
CVE-2017-9278
was published
May 13, 2022
In the JDBC driver of NetIQ Identity Manager before 4.6 sending out incorrect XML configurations...
Critical
Unreviewed
CVE-2017-7434
was published
May 13, 2022
A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an...
Critical
Unreviewed
CVE-2017-6709
was published
May 13, 2022
Before Thornberry NDoc version 8.0, laptop clients and the server have default database (Cache)...
Critical
Unreviewed
CVE-2017-15366
was published
May 13, 2022
An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x...
Critical
Unreviewed
CVE-2017-4955
was published
May 13, 2022
Juniper Networks CSO versions prior to 4.0.0 may log passwords in log files leading to an...
Critical
Unreviewed
CVE-2018-0042
was published
May 13, 2022
Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain...
Critical
Unreviewed
CVE-2017-9615
was published
May 13, 2022
An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before...
Critical
Unreviewed
CVE-2018-16049
was published
May 14, 2022
An issue was discovered in Zoho ManageEngine Desktop Central before 100230. There is...
Critical
Unreviewed
CVE-2018-11716
was published
May 14, 2022
In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target...
Critical
Unreviewed
CVE-2018-11320
was published
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API