GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,776
Maven
5,000+
npm
3,542
NuGet
617
pip
3,125
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+
86 advisories
Filter by severity
Bitbucket OAuth access token exposed in the build log by Bitbucket Branch Source Plugin
Moderate
CVE-2024-39460
was published
for
org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source
(Maven)
Jun 26, 2024
go-retryablehttp can leak basic auth credentials to log files
Moderate
CVE-2024-6104
was published
for
github.com/hashicorp/go-retryablehttp
(Go)
Jun 24, 2024
SonarQube logs sensitive information
Moderate
CVE-2024-38460
was published
for
org.sonarsource.sonarqube:sonar-web
(Maven)
Jun 16, 2024
goreleaser shows environment by default
Moderate
GHSA-f6mm-5fc7-3g3c
was published
for
github.com/goreleaser/goreleaser
(Go)
May 15, 2024
source-controller leaks Azure Storage SAS token into logs
Moderate
CVE-2024-31216
was published
for
github.com/fluxcd/source-controller
(Go)
May 15, 2024
azure-file-csi-driver leaks service account tokens in the logs
Moderate
CVE-2024-3744
was published
for
sigs.k8s.io/azurefile-csi-driver
(Go)
May 15, 2024
matrix-sdk-crypto contains a log exposure of private key of the server-side key backup
Moderate
CVE-2024-34353
was published
for
matrix-sdk-crypto
(Rust)
May 13, 2024
Jberet: jberet-core logging database credentials
Moderate
CVE-2024-1102
was published
for
org.jberet:jberet-core
(Maven)
Apr 25, 2024
Sensitive Information leak via Log File in Kubernetes
Moderate
CVE-2020-8563
was published
for
github.com/kubernetes/kubernetes
(Go)
Apr 24, 2024
Sensitive Information leak via Log File in Kubernetes
Moderate
CVE-2020-8566
was published
for
github.com/kubernetes/kubernetes
(Go)
Apr 24, 2024
Apache Solr Operator liveness and readiness probes may leak basic auth credentials
Moderate
CVE-2024-31391
was published
for
github.com/apache/solr-operator
(Go)
Apr 12, 2024
Potential log injection in reset user endpoint in CKAN
Moderate
CVE-2024-27097
was published
for
ckan
(pip)
Mar 13, 2024
Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged
Moderate
CVE-2023-50740
was published
for
org.apache.linkis:linkis
(Maven)
Mar 6, 2024
APM Server vulnerable to Insertion of Sensitive Information into Log File
Moderate
CVE-2024-23448
was published
for
github.com/elastic/apm-server
(Go)
Feb 8, 2024
glance-store logs s3 access keys
Moderate
CVE-2024-1141
was published
for
glance-store
(pip)
Feb 1, 2024
Hashicorp Vault may expose sensitive log information
Moderate
CVE-2024-0831
was published
for
github.com/hashicorp/vault
(Go)
Feb 1, 2024
`goreleaser release --debug` shows secrets
Moderate
CVE-2024-23840
was published
for
github.com/goreleaser/goreleaser
(Go)
Jan 30, 2024
Insertion of Sensitive Information into Log File in OWASP DependencyCheck
Moderate
CVE-2024-23686
was published
for
org.owasp:dependency-check-ant
(Maven)
Jan 20, 2024
react-native-mmkv Insertion of Sensitive Information into Log File vulnerability
Moderate
CVE-2024-21668
was published
for
react-native-mmkv
(npm)
Jan 9, 2024
CubeFS leaks users key in logs
Moderate
CVE-2023-46742
was published
for
github.com/cubefs/cubefs
(Go)
Jan 3, 2024
Elastic Beats inserts sensitive information into log file
Moderate
CVE-2023-49922
was published
for
github.com/elastic/beats
(Go)
Dec 12, 2023
Logging of the firestore key within nodejs-firestore
Moderate
CVE-2023-6460
was published
for
@google-cloud/firestore
(npm)
Dec 4, 2023
Insertion of Sensitive Information into Log
Moderate
CVE-2023-48708
was published
for
codeigniter4/shield
(Composer)
Nov 23, 2023
SpiceDB leaks information in log files when URI cannot be parsed
Moderate
CVE-2023-46255
was published
for
github.com/authzed/spicedb
(Go)
Oct 31, 2023
Elasticsearch allows insertion of sensitive information into log files when using deprecated URIs
Moderate
CVE-2023-31417
was published
for
org.elasticsearch:elasticsearch
(Maven)
Oct 26, 2023
ProTip!
Advisories are also available from the
GraphQL API