GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

24 advisories

apko Exposure of HTTP basic auth credentials in log output High
CVE-2024-36127 was published for chainguard.dev/apko (Go) Jun 4, 2024
kolloch
Insecure Variable Substitution in Vela High
CVE-2024-28236 was published for github.com/go-vela/worker (Go) Mar 14, 2024
gdiepen
Rancher 'Audit Log' leaks sensitive information High
CVE-2023-22649 was published for github.com/rancher/rancher (Go) Feb 8, 2024
Headscale writes bearer tokens to info-level logs High
CVE-2023-47390 was published for github.com/juanfont/headscale (Go) Nov 11, 2023
Apache Airflow Celery provider Insertion of Sensitive Information into Log File vulnerability High
CVE-2023-46215 was published for apache-airflow (pip) Oct 28, 2023
Weave GitOps Terraform Controller Information Disclosure Vulnerability High
CVE-2023-34236 was published for github.com/weaveworks/tf-controller (Go) Jul 14, 2023
greenu
Debug mode leaks confidential data in Cilium High
CVE-2023-29002 was published for github.com/cilium/cilium (Go) Apr 19, 2023
meyskens
HashiCorp Consul Template could reveal Vault secret contents in error messages High
CVE-2022-38149 was published for github.com/hashicorp/consul-template (Go) Aug 18, 2022
Vault GitHub Action did not correctly mask multi-line secrets in output High
CVE-2021-32074 was published for hashicorp/vault-action (GitHub Actions) May 24, 2022
tdunlap607 Gentoli
Ansible Uses Plugins That Disclose Credentials High
CVE-2019-14846 was published for ansible-core (pip) May 24, 2022
Secret insertion into debug log in Docker High
CVE-2019-13509 was published for github.com/docker/docker (Go) May 24, 2022
joshbressers
django-anymail Includes Sensitive Information in Log Files High
CVE-2018-1000089 was published for django-anymail (pip) May 14, 2022
westonsteimel
Ceilometer Prints Sensitive Configuration Data to Log High
CVE-2019-3830 was published for ceilometer (pip) May 13, 2022
Openstack Octavia allows Insertion of Sensitive Information into Log File High
CVE-2018-16856 was published for octavia (pip) May 13, 2022
Moodle backs up private files High
CVE-2012-1156 was published for moodle/moodle (Composer) Apr 23, 2022
Sensitive Auth & Cookie data stored in Jupyter server logs High
CVE-2022-24758 was published for notebook (pip) Apr 5, 2022
3coins
Insertion of Sensitive Information into Log File in Jupyter notebook High
CVE-2022-24757 was published for jupyter-server (pip) Mar 25, 2022
3coins
Insertion of Sensitive Information into Log File in Apache Geode High
CVE-2021-34797 was published for org.apache.geode:geode-core (Maven) Jan 6, 2022
Insertion of Sensitive Information into Log File in Apache NiFi Stateless High
CVE-2020-9486 was published for org.apache.nifi:nifi-stateless (Maven) Jan 6, 2022
Insertion of Sensitive Information into Log File in Apache NiFi High
CVE-2020-1942 was published for org.apache.nifi:nifi-framework-core (Maven) Jan 6, 2022
Information Disclosure in HashiCorp Vault High
CVE-2020-13223 was published for github.com/hashicorp/vault (Go) May 18, 2021
Sensitive information disclosure via log in com.bmuschko:gradle-vagrant-plugin High
CVE-2021-21361 was published for com.bmuschko:gradle-vagrant-plugin (Maven) Mar 9, 2021
britter
Information Exposure in cordova-android High
CVE-2016-6799 was published for cordova-android (npm) Sep 11, 2020
Information Exposure in Snyk Broker High
CVE-2020-7654 was published for snyk-broker (npm) Jun 3, 2020
ProTip! Advisories are also available from the GraphQL API