GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,776
Maven
5,000+
npm
3,542
NuGet
617
pip
3,125
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+
29 advisories
Filter by severity
Slack integration leaks sensitive information in logs
Low
CVE-2024-35196
was published
for
sentry
(pip)
Jun 2, 2024
Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability
Low
CVE-2024-34715
was published
for
ethyca-fides
(pip)
May 29, 2024
Potential log injection in reset user endpoint in CKAN
Moderate
CVE-2024-27097
was published
for
ckan
(pip)
Mar 13, 2024
glance-store logs s3 access keys
Moderate
CVE-2024-1141
was published
for
glance-store
(pip)
Feb 1, 2024
Apache Airflow Celery provider Insertion of Sensitive Information into Log File vulnerability
High
CVE-2023-46215
was published
for
apache-airflow
(pip)
Oct 28, 2023
Wagtail vulnerable to disclosure of user names via admin bulk action views
Low
CVE-2023-45809
was published
for
wagtail
(pip)
Oct 19, 2023
python-oslo-utils has improper password parsing
Moderate
CVE-2022-0718
was published
for
oslo-utils
(pip)
Aug 29, 2022
Ansible leaks sensitive information to logs when told not to
Moderate
CVE-2019-14858
was published
for
ansible
(pip)
May 24, 2022
Ansible Uses Plugins That Disclose Credentials
High
CVE-2019-14846
was published
for
ansible-core
(pip)
May 24, 2022
OpenStack Nova logs sensitive context from notification exceptions
Critical
CVE-2017-7214
was published
for
nova
(pip)
May 14, 2022
django-anymail Includes Sensitive Information in Log Files
High
CVE-2018-1000089
was published
for
django-anymail
(pip)
May 14, 2022
Ansible Logs Passwords If PowerShell ScriptBlock is Enabled
Moderate
CVE-2018-16859
was published
for
ansible
(pip)
May 14, 2022
Ceilometer Prints Sensitive Configuration Data to Log
High
CVE-2019-3830
was published
for
ceilometer
(pip)
May 13, 2022
Openstack Octavia allows Insertion of Sensitive Information into Log File
High
CVE-2018-16856
was published
for
octavia
(pip)
May 13, 2022
Ansible Insertion of Sensitive Information into Log File vulnerability
Critical
CVE-2017-7550
was published
for
ansible
(pip)
May 13, 2022
MoinMoin Insertion of Sensitive Information into Log File
Moderate
CVE-2007-0902
was published
for
moin
(pip)
May 1, 2022
Sensitive Auth & Cookie data stored in Jupyter server logs
High
CVE-2022-24758
was published
for
notebook
(pip)
Apr 5, 2022
Insertion of Sensitive Information into Log File in Jupyter notebook
High
CVE-2022-24757
was published
for
jupyter-server
(pip)
Mar 25, 2022
Insertion of Sensitive Information into Log File in ansible
Moderate
CVE-2021-20180
was published
for
ansible
(pip)
Mar 17, 2022
Improper Output Neutralization and Improper Encoding or Escaping of Output for Logs in ansible
Moderate
CVE-2020-14330
was published
for
ansible
(pip)
Feb 9, 2022
Insertion of Sensitive Information into Log File and Improper Output Neutralization for Logs in ansible
Moderate
CVE-2020-14332
was published
for
ansible
(pip)
Feb 9, 2022
loguru vulnerable to improper privilege management
Moderate
CVE-2022-0338
was published
for
loguru
(pip)
Jan 26, 2022
Insertion of Sensitive Information into Log File in ansible
Moderate
CVE-2021-20178
was published
for
ansible
(pip)
Jun 1, 2021
Insertion of Sensitive Information into Log File in ansible
Moderate
CVE-2021-20191
was published
for
ansible
(pip)
Jun 1, 2021
Insertion of Sensitive Information into Log File, Invocation of Process Using Visible Sensitive Information, and Exposure of Sensitive Information to an Unauthorized Actor in Ansible
Moderate
CVE-2020-1753
was published
for
ansible
(pip)
Apr 7, 2021
ProTip!
Advisories are also available from the
GraphQL API