GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,030
Maven
5,000+
npm
3,732
NuGet
662
pip
3,409
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
149 advisories
Filter by severity
Sensitive Data Exposure in sequelize-cli
Low
GHSA-3xc7-xg67-pw99
was published
for
sequelize-cli
(npm)
Jun 5, 2019
Log injection in SimpleSAMLphp
Low
CVE-2020-5225
was published
for
simplesamlphp/simplesamlphp
(Composer)
Jan 24, 2020
Potential unauthorized access to stored request & session data when plugin is misconfigured in October CMS Debugbar
Moderate
CVE-2020-11094
was published
for
rainlab/debugbar-plugin
(Composer)
Jun 3, 2020
Information Exposure in cordova-android
High
CVE-2016-6799
was published
for
cordova-android
(npm)
Sep 11, 2020
Helm OCI credentials leaked into Argo CD logs
Moderate
GHSA-6w87-g839-9wv7
was published
for
github.com/argoproj/argo-cd
(Go)
May 21, 2021
Shopware's log module vulnerable to Improper Output Neutralization
Low
CVE-2023-22733
was published
for
shopware/core
(Composer)
Jan 20, 2023
Insertion of Sensitive Information into Log File in ansible
Moderate
CVE-2021-20180
was published
for
ansible
(pip)
Mar 17, 2022
Insertion of Sensitive Information into Log File in Jupyter notebook
High
CVE-2022-24757
was published
for
jupyter-server
(pip)
Mar 25, 2022
Sensitive Auth & Cookie data stored in Jupyter server logs
High
CVE-2022-24758
was published
for
notebook
(pip)
Apr 5, 2022
Insertion of Sensitive Information into Log File in Elasticsearch
Moderate
CVE-2020-7021
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 24, 2022
Insertion of Sensitive Information into Log File in Jenkins Mask Passwords Plugin
Moderate
CVE-2019-10370
was published
for
org.jenkins-ci.plugins:mask-passwords
(Maven)
May 24, 2022
Exposure of Sensitive Information in Gradle publish plugin
Moderate
CVE-2020-7599
was published
for
com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin
(Maven)
May 24, 2022
Weave GitOps leaked cluster credentials into logs on connection errors
Critical
CVE-2022-31098
was published
for
github.com/weaveworks/weave-gitops
(Go)
Jun 23, 2022
next-auth before v4.10.2 and v3.29.9 leaks excessive information into log
Low
CVE-2022-31186
was published
for
next-auth
(npm)
Aug 6, 2022
check-spelling workflow vulnerable to token leakage via symlink attack
Critical
CVE-2021-32724
was published
for
check-spelling/check-spelling
(GitHub Actions)
Jul 29, 2022
Traefik may display authorization header in the debug logs
Low
CVE-2022-23469
was published
for
github.com/traefik/traefik/v2
(Go)
Dec 8, 2022
npm CLI exposing sensitive information through logs
Moderate
CVE-2020-15095
was published
for
npm
(npm)
Jul 7, 2020
Credential exposure through log files in Undertow
Critical
CVE-2019-3888
was published
for
io.undertow:undertow-core
(Maven)
Jun 13, 2019
Potential to access user credentials from the log files when debug logging enabled
Critical
CVE-2019-10212
was published
for
io.undertow:undertow-core
(Maven)
Nov 20, 2019
Information Exposure in Snyk Broker
High
CVE-2020-7654
was published
for
snyk-broker
(npm)
Jun 3, 2020
Sensitive information disclosure via log in com.bmuschko:gradle-vagrant-plugin
High
CVE-2021-21361
was published
for
com.bmuschko:gradle-vagrant-plugin
(Maven)
Mar 9, 2021
Insecure direct object reference of log files of the Import/Export feature
Moderate
CVE-2021-37709
was published
for
shopware/core
(Composer)
Aug 30, 2021
Insertion of Sensitive Information into Log File in Apache Geode
High
CVE-2021-34797
was published
for
org.apache.geode:geode-core
(Maven)
Jan 6, 2022
Insertion of Sensitive Information into Log File in Hashicorp go-getter
Moderate
CVE-2022-29810
was published
for
github.com/hashicorp/go-getter
(Go)
Apr 28, 2022
Credential disclosure in syft when SYFT_ATTEST_PASSWORD environment variable set
Moderate
CVE-2023-24827
was published
for
github.com/anchore/syft
(Go)
Feb 8, 2023
ProTip!
Advisories are also available from the
GraphQL API