Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,089
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

40 advisories

Loading
Helm OCI credentials leaked into Argo CD logs Moderate
GHSA-6w87-g839-9wv7 was published for github.com/argoproj/argo-cd (Go) May 21, 2021
Weave GitOps leaked cluster credentials into logs on connection errors Critical
CVE-2022-31098 was published for github.com/weaveworks/weave-gitops (Go) Jun 23, 2022
stefanprodan
Traefik may display authorization header in the debug logs Low
CVE-2022-23469 was published for github.com/traefik/traefik/v2 (Go) Dec 8, 2022
Insertion of Sensitive Information into Log File in Hashicorp go-getter Moderate
CVE-2022-29810 was published for github.com/hashicorp/go-getter (Go) Apr 28, 2022
jhutchings1
Credential disclosure in syft when SYFT_ATTEST_PASSWORD environment variable set Moderate
CVE-2023-24827 was published for github.com/anchore/syft (Go) Feb 8, 2023
wagoodman
OpenShift Assisted Installer leaks image pull secrets as plaintext in installation logs Moderate
CVE-2021-3684 was published for github.com/openshift/assisted-installer (Go) Mar 24, 2023
Argo CD leaks repository credentials in user-facing error messages and in logs Moderate
CVE-2023-25163 was published for github.com/argoproj/argo-cd (Go) Feb 8, 2023
Secret insertion into debug log in Docker High
CVE-2019-13509 was published for github.com/docker/docker (Go) May 24, 2022
joshbressers
Information Disclosure in go.elastic.co/apm Low
CVE-2021-22133 was published for go.elastic.co/apm (Go) May 18, 2021
Information Exposure in jaeger Moderate
CVE-2020-10750 was published for github.com/jaegertracing/jaeger (Go) May 18, 2021
Information Disclosure in HashiCorp Vault High
CVE-2020-13223 was published for github.com/hashicorp/vault (Go) May 18, 2021
SpiceDB leaks information in log files when URI cannot be parsed Moderate
CVE-2023-46255 was published for github.com/authzed/spicedb (Go) Oct 31, 2023
TimDiekmann
Argo CD cluster secret might leak in cluster details page Critical
CVE-2023-40029 was published for github.com/argoproj/argo-cd/v2 (Go) Sep 11, 2023
alexmt
Weave GitOps Terraform Controller Information Disclosure Vulnerability High
CVE-2023-34236 was published for github.com/weaveworks/tf-controller (Go) Jul 14, 2023
greenu
Improper log output when using GitHub Status Notifications in spinnaker Moderate
CVE-2023-39348 was published for github.com/spinnaker/spinnaker (Go) Aug 29, 2023
secrets-store-csi-driver discloses service account tokens in logs Moderate
CVE-2023-2878 was published for sigs.k8s.io/secrets-store-csi-driver (Go) May 26, 2023
tshaiman
Mattermost fails to sanitize post metadata Moderate
CVE-2023-4108 was published for github.com/mattermost/mattermost-server/v6 (Go) Aug 11, 2023
Debug mode leaks confidential data in Cilium High
CVE-2023-29002 was published for github.com/cilium/cilium (Go) Apr 19, 2023
meyskens
Headscale writes bearer tokens to info-level logs High
CVE-2023-47390 was published for github.com/juanfont/headscale (Go) Nov 11, 2023
ydb-go-sdk token in custom credentials object can leak through logs Moderate
CVE-2023-45825 was published for github.com/ydb-platform/ydb-go-sdk/v3 (Go) Oct 19, 2023
sumerki2020 se-foster
blinkov
CubeFS leaks users key in logs Moderate
CVE-2023-46742 was published for github.com/cubefs/cubefs (Go) Jan 3, 2024
AdamKorcz
`goreleaser release --debug` shows secrets Moderate
CVE-2024-23840 was published for github.com/goreleaser/goreleaser (Go) Jan 30, 2024
andreaangiolillo caarlos0
Rancher 'Audit Log' leaks sensitive information High
CVE-2023-22649 was published for github.com/rancher/rancher (Go) Feb 8, 2024
APM Server vulnerable to Insertion of Sensitive Information into Log File Moderate
CVE-2024-23448 was published for github.com/elastic/apm-server (Go) Feb 8, 2024
Hashicorp Vault may expose sensitive log information Moderate
CVE-2024-0831 was published for github.com/hashicorp/vault (Go) Feb 1, 2024
ProTip! Advisories are also available from the GraphQL API