GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,089
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
667 advisories
Filter by severity
IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive...
Moderate
Unreviewed
CVE-2023-30430
was published
Jun 27, 2024
Bitbucket OAuth access token exposed in the build log by Bitbucket Branch Source Plugin
Moderate
CVE-2024-39460
was published
for
org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source
(Maven)
Jun 26, 2024
go-retryablehttp can leak basic auth credentials to log files
Moderate
CVE-2024-6104
was published
for
github.com/hashicorp/go-retryablehttp
(Go)
Jun 24, 2024
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p7, <2...
Low
Unreviewed
CVE-2024-28830
was published
Jun 26, 2024
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a...
Low
Unreviewed
CVE-2024-29177
was published
Jun 26, 2024
An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with...
Unknown
Unreviewed
CVE-2024-6060
was published
Jun 26, 2024
Elastic Beats inserts sensitive information into log file
Moderate
CVE-2023-49922
was published
for
github.com/elastic/beats
(Go)
Dec 12, 2023
Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing...
Moderate
Unreviewed
CVE-2022-44587
was published
Jun 21, 2024
SonarQube logs sensitive information
Moderate
CVE-2024-38460
was published
for
org.sonarsource.sonarqube:sonar-web
(Maven)
Jun 16, 2024
Vault Enterprise, when configured with performance standby nodes and a configured audit device,...
Moderate
Unreviewed
CVE-2024-2877
was published
Apr 30, 2024
The sessions are stored in clear-text logs. An attacker can retrieve authentication sessions. A...
Moderate
Unreviewed
CVE-2024-27157
was published
Jun 14, 2024
The session cookies, used for authentication, are stored in clear-text logs. An attacker can...
Moderate
Unreviewed
CVE-2024-27156
was published
Jun 14, 2024
Passwords are stored in clear-text logs. An attacker can retrieve passwords. As for the affected...
Moderate
Unreviewed
CVE-2024-27154
was published
Jun 14, 2024
A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user...
Unknown
Unreviewed
CVE-2024-5908
was published
Jun 12, 2024
CWE-532: Insertion of Sensitive Information into Log File vulnerability exists that could cause...
Moderate
Unreviewed
CVE-2024-5557
was published
Jun 12, 2024
azure-file-csi-driver leaks service account tokens in the logs
Moderate
CVE-2024-3744
was published
for
sigs.k8s.io/azurefile-csi-driver
(Go)
May 15, 2024
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 stores potentially...
Moderate
Unreviewed
CVE-2024-25030
was published
Apr 3, 2024
Insertion of Sensitive Information into Log File vulnerability in Octolize USPS Shipping for...
Moderate
Unreviewed
CVE-2024-32811
was published
Jun 9, 2024
Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C...
Unknown
Unreviewed
CVE-2024-0912
was published
Jun 6, 2024
Insertion of Sensitive Information into Log File vulnerability in Code Parrots Easy Forms for...
High
Unreviewed
CVE-2024-25095
was published
Jun 4, 2024
Jberet: jberet-core logging database credentials
Moderate
CVE-2024-1102
was published
for
org.jberet:jberet-core
(Maven)
Apr 25, 2024
apko Exposure of HTTP basic auth credentials in log output
High
CVE-2024-36127
was published
for
chainguard.dev/apko
(Go)
Jun 4, 2024
Insertion of Sensitive Information into Log File vulnerability in Lukman Nakib Debug Log – Manger...
Moderate
Unreviewed
CVE-2024-34798
was published
Jun 3, 2024
Slack integration leaks sensitive information in logs
Low
CVE-2024-35196
was published
for
sentry
(pip)
Jun 2, 2024
Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability
Low
CVE-2024-34715
was published
for
ethyca-fides
(pip)
May 29, 2024
ProTip!
Advisories are also available from the
GraphQL API