Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

740 advisories

Loading
nvdApiKey is logged in debug mode Low
GHSA-qqhq-8r2c-c3f5 was published for org.owasp:dependency-check-ant (Maven) Dec 15, 2023
hott-box
In affected versions of Octopus Server it is possible for the OpenID client secret to be logged... Moderate Unreviewed
CVE-2023-1904 was published Dec 14, 2023
An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs... High Unreviewed
CVE-2023-46675 was published Dec 13, 2023
An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs... High Unreviewed
CVE-2023-46671 was published Dec 13, 2023
An issue was discovered by Elastic whereby Elastic Agent would log a raw event in its own logs at... Moderate Unreviewed
CVE-2023-6687 was published Dec 12, 2023
Elastic Beats inserts sensitive information into log file Moderate
CVE-2023-49922 was published for github.com/elastic/beats (Go) Dec 12, 2023
levinebw
An issue was discovered by Elastic whereby the Documents API of App Search logged the raw... Moderate Unreviewed
CVE-2023-49923 was published Dec 12, 2023
A privacy issue was addressed with improved private data redaction for log entries. This issue is... Moderate Unreviewed
CVE-2023-42927 was published Dec 12, 2023
Insertion of sensitive information in the centralized (Grafana) logging system in ProLion... Critical Unreviewed
CVE-2023-36649 was published Dec 12, 2023
Logging of the firestore key within nodejs-firestore Moderate
CVE-2023-6460 was published for @google-cloud/firestore (npm) Dec 4, 2023
abhishekwebcode
Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 allows local... Low Unreviewed
CVE-2023-6287 was published Nov 27, 2023
Cron log backup files contain administrator session IDs. It is trivial for any attacker who can... High Unreviewed
CVE-2023-4677 was published Nov 23, 2023
Insertion of Sensitive Information into Log Moderate
CVE-2023-48708 was published for codeigniter4/shield (Composer) Nov 23, 2023
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1... Moderate Unreviewed
CVE-2023-25682 was published Nov 22, 2023
Exposure of Sensitive Information in Elastic APM .NET Agent Low
CVE-2021-22143 was published for Elastic.Apm (NuGet) Nov 22, 2023
MarkLee131
An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs... High Unreviewed
CVE-2023-46672 was published Nov 15, 2023
Insertion of sensitive information into log file in some Intel(R) On Demand software before... Moderate Unreviewed
CVE-2023-32283 was published Nov 14, 2023
Insertion of sensitive information into log file for some Intel Unison software may allow an... Low Unreviewed
CVE-2022-46647 was published Nov 14, 2023
The affected versions of MongoDB Atlas Kubernetes Operator may print sensitive information like... High Unreviewed
CVE-2023-0436 was published Nov 14, 2023
An insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM version... Low Unreviewed
CVE-2023-45585 was published Nov 14, 2023
Headscale writes bearer tokens to info-level logs High
CVE-2023-47390 was published for github.com/juanfont/headscale (Go) Nov 11, 2023
SpiceDB leaks information in log files when URI cannot be parsed Moderate
CVE-2023-46255 was published for github.com/authzed/spicedb (Go) Oct 31, 2023
TimDiekmann
In User Backup Manager, there is a possible way to leak a token to bypass user confirmation for... Moderate Unreviewed
CVE-2023-21387 was published Oct 30, 2023
Apache Airflow Celery provider Insertion of Sensitive Information into Log File vulnerability High
CVE-2023-46215 was published for apache-airflow (pip) Oct 28, 2023
Elasticsearch allows insertion of sensitive information into log files when using deprecated URIs Moderate
CVE-2023-31417 was published for org.elasticsearch:elasticsearch (Maven) Oct 26, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database