GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,087
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
132 advisories
Filter by severity
Sensitive Data Exposure in sequelize-cli
Low
GHSA-3xc7-xg67-pw99
was published
for
sequelize-cli
(npm)
Jun 5, 2019
Log injection in SimpleSAMLphp
Low
CVE-2020-5225
was published
for
simplesamlphp/simplesamlphp
(Composer)
Jan 24, 2020
Potential unauthorized access to stored request & session data when plugin is misconfigured in October CMS Debugbar
Moderate
CVE-2020-11094
was published
for
rainlab/debugbar-plugin
(Composer)
Jun 3, 2020
GitHub personal access token leaking into temporary EasyBuild (debug) logs
Moderate
CVE-2020-5262
was published
for
easybuild-framework
(pip)
Mar 19, 2020
Information Exposure in cordova-android
High
CVE-2016-6799
was published
for
cordova-android
(npm)
Sep 11, 2020
Helm OCI credentials leaked into Argo CD logs
Moderate
GHSA-6w87-g839-9wv7
was published
for
github.com/argoproj/argo-cd
(Go)
May 21, 2021
Shopware's log module vulnerable to Improper Output Neutralization
Low
CVE-2023-22733
was published
for
shopware/core
(Composer)
Jan 20, 2023
Insertion of Sensitive Information into Log File in ansible
Moderate
CVE-2021-20180
was published
for
ansible
(pip)
Mar 17, 2022
Insertion of Sensitive Information into Log File in Jupyter notebook
High
CVE-2022-24757
was published
for
jupyter-server
(pip)
Mar 25, 2022
Sensitive Auth & Cookie data stored in Jupyter server logs
High
CVE-2022-24758
was published
for
notebook
(pip)
Apr 5, 2022
Insertion of Sensitive Information into Log File in Elasticsearch
Moderate
CVE-2020-7021
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 24, 2022
Insertion of Sensitive Information into Log File in Jenkins Mask Passwords Plugin
Moderate
CVE-2019-10370
was published
for
org.jenkins-ci.plugins:mask-passwords
(Maven)
May 24, 2022
Exposure of Sensitive Information in Gradle publish plugin
Moderate
CVE-2020-7599
was published
for
com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin
(Maven)
May 24, 2022
Weave GitOps leaked cluster credentials into logs on connection errors
Critical
CVE-2022-31098
was published
for
github.com/weaveworks/weave-gitops
(Go)
Jun 23, 2022
django-anymail Includes Sensitive Information in Log Files
High
CVE-2018-1000089
was published
for
django-anymail
(pip)
May 14, 2022
next-auth before v4.10.2 and v3.29.9 leaks excessive information into log
Low
CVE-2022-31186
was published
for
next-auth
(npm)
Aug 6, 2022
check-spelling workflow vulnerable to token leakage via symlink attack
Critical
CVE-2021-32724
was published
for
check-spelling/check-spelling
(GitHub Actions)
Jul 29, 2022
Traefik may display authorization header in the debug logs
Low
CVE-2022-23469
was published
for
github.com/traefik/traefik/v2
(Go)
Dec 8, 2022
npm CLI exposing sensitive information through logs
Moderate
CVE-2020-15095
was published
for
npm
(npm)
Jul 7, 2020
Improper Output Neutralization and Improper Encoding or Escaping of Output for Logs in ansible
Moderate
CVE-2020-14330
was published
for
ansible
(pip)
Feb 9, 2022
Credential exposure through log files in Undertow
Critical
CVE-2019-3888
was published
for
io.undertow:undertow-core
(Maven)
Jun 13, 2019
Potential to access user credentials from the log files when debug logging enabled
Critical
CVE-2019-10212
was published
for
io.undertow:undertow-core
(Maven)
Nov 20, 2019
Inclusion of Sensitive Information in Log Files and Improper Output Neutralization for Logs in Ansible
Moderate
CVE-2019-14864
was published
for
ansible
(pip)
Feb 26, 2020
Information Exposure in Snyk Broker
High
CVE-2020-7654
was published
for
snyk-broker
(npm)
Jun 3, 2020
Insertion of Sensitive Information into Log File, Invocation of Process Using Visible Sensitive Information, and Exposure of Sensitive Information to an Unauthorized Actor in Ansible
Moderate
CVE-2020-1753
was published
for
ansible
(pip)
Apr 7, 2021
ProTip!
Advisories are also available from the
GraphQL API