Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,030
Maven
5,000+
npm
3,732
NuGet
662
pip
3,409
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+

435 advisories

Loading
Potential unauthorized access to stored request & session data when plugin is misconfigured in October CMS Debugbar Moderate
CVE-2020-11094 was published for rainlab/debugbar-plugin (Composer) Jun 3, 2020
vogon101
Helm OCI credentials leaked into Argo CD logs Moderate
GHSA-6w87-g839-9wv7 was published for github.com/argoproj/argo-cd (Go) May 21, 2021
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.856 through 0.9.8.864 allows an attacker to... Moderate Unreviewed
CVE-2019-14782 was published May 24, 2022
Insertion of Sensitive Information into Log File in ansible Moderate
CVE-2021-20180 was published for ansible (pip) Mar 17, 2022
KamilaBorowska
In CMDBuild from version 3.0 to 3.3.2 payload requests are saved in a temporary log table, which... Moderate Unreviewed
CVE-2022-25518 was published Mar 24, 2022
Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be... Moderate Unreviewed
CVE-2022-28774 was published May 12, 2022
Insertion of Sensitive Information into Log File in Elasticsearch Moderate
CVE-2020-7021 was published for org.elasticsearch:elasticsearch (Maven) May 24, 2022
In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an... Moderate Unreviewed
CVE-2019-15508 was published May 24, 2022
Insertion of Sensitive Information into Log File in Jenkins Mask Passwords Plugin Moderate
CVE-2019-10370 was published for org.jenkins-ci.plugins:mask-passwords (Maven) May 24, 2022
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway... Moderate Unreviewed
CVE-2022-20807 was published May 28, 2022
In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an... Moderate Unreviewed
CVE-2019-15507 was published May 24, 2022
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway... Moderate Unreviewed
CVE-2022-20809 was published May 27, 2022
Exposure of Sensitive Information in Gradle publish plugin Moderate
CVE-2020-7599 was published for com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin (Maven) May 24, 2022
Sensitive information exposure in Sign-in log in Samsung Account prior to version 13.2.00.6... Moderate Unreviewed
CVE-2022-30733 was published Jun 8, 2022
Couchbase Server 6.6.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized... Moderate Unreviewed
CVE-2022-32193 was published Jun 14, 2022
Multiple vulnerabilities in the web-based management interface of Cisco Business Process... Moderate Unreviewed
CVE-2021-1576 was published May 24, 2022
Windows Desired State Configuration (DSC) Information Disclosure Vulnerability. Moderate Unreviewed
CVE-2022-30148 was published Jun 16, 2022
rsyslog uses weak permissions for generating log files, which allows local users to obtain... Moderate Unreviewed
CVE-2015-3243 was published May 17, 2022
A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and... Moderate Unreviewed
CVE-2022-20768 was published Jul 7, 2022
An issue was discovered in Couchbase Server 7.x before 7.0.4. Field names are not redacted in... Moderate Unreviewed
CVE-2022-33911 was published Jul 13, 2022
IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be... Moderate Unreviewed
CVE-2016-9985 was published May 17, 2022
An issue was discovered on SendQuick Entera and Avera devices before 2HF16. An attacker could... Moderate Unreviewed
CVE-2017-5137 was published May 17, 2022
VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged... Moderate Unreviewed
CVE-2022-31674 was published Aug 11, 2022
In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in... Moderate Unreviewed
CVE-2022-36321 was published Jul 21, 2022
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sensitive information in in log... Moderate Unreviewed
CVE-2016-8912 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database