GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
92 advisories
Filter by severity
Inclusion of Sensitive Information in Log Files and Improper Output Neutralization for Logs in Ansible
Moderate
CVE-2019-14864
was published
for
ansible
(pip)
Feb 26, 2020
Potential unauthorized access to stored request & session data when plugin is misconfigured in October CMS Debugbar
Moderate
CVE-2020-11094
was published
for
rainlab/debugbar-plugin
(Composer)
Jun 3, 2020
npm CLI exposing sensitive information through logs
Moderate
CVE-2020-15095
was published
for
npm
(npm)
Jul 7, 2020
Insertion of Sensitive Information into Log File, Invocation of Process Using Visible Sensitive Information, and Exposure of Sensitive Information to an Unauthorized Actor in Ansible
Moderate
CVE-2020-1753
was published
for
ansible
(pip)
Apr 7, 2021
Information Exposure in jaeger
Moderate
CVE-2020-10750
was published
for
github.com/jaegertracing/jaeger
(Go)
May 18, 2021
Helm OCI credentials leaked into Argo CD logs
Moderate
GHSA-6w87-g839-9wv7
was published
for
github.com/argoproj/argo-cd
(Go)
May 21, 2021
Insertion of Sensitive Information into Log File in ansible
Moderate
CVE-2021-20191
was published
for
ansible
(pip)
Jun 1, 2021
Information Disclosure in User Authentication
Moderate
CVE-2021-32767
was published
for
typo3/cms
(Composer)
Jul 26, 2021
Insecure direct object reference of log files of the Import/Export feature
Moderate
CVE-2021-37709
was published
for
shopware/core
(Composer)
Aug 30, 2021
Apache NiFi Insertion of Sensitive Information into Log File
Moderate
CVE-2020-1928
was published
for
org.apache.nifi:nifi-parameter
(Maven)
Jan 6, 2022
loguru vulnerable to improper privilege management
Moderate
CVE-2022-0338
was published
for
loguru
(pip)
Jan 26, 2022
Insertion of Sensitive Information into Log File and Improper Output Neutralization for Logs in ansible
Moderate
CVE-2020-14332
was published
for
ansible
(pip)
Feb 9, 2022
Improper Output Neutralization and Improper Encoding or Escaping of Output for Logs in ansible
Moderate
CVE-2020-14330
was published
for
ansible
(pip)
Feb 9, 2022
Wildfly logs plaintext passwords
Moderate
CVE-2020-25640
was published
for
org.wildfly:wildfly-parent
(Maven)
Feb 15, 2022
Insertion of Sensitive Information into Log File in ansible
Moderate
CVE-2021-20180
was published
for
ansible
(pip)
Mar 17, 2022
Azure SDK for .NET Information Disclosure Vulnerability.
Moderate
CVE-2022-26907
was published
for
Microsoft.Rest.ClientRuntime
(NuGet)
Apr 16, 2022
Insertion of Sensitive Information into Log File in Hashicorp go-getter
Moderate
CVE-2022-29810
was published
for
github.com/hashicorp/go-getter
(Go)
Apr 28, 2022
MoinMoin Insertion of Sensitive Information into Log File
Moderate
CVE-2007-0902
was published
for
moin
(pip)
May 1, 2022
Ceilometer Prints Sensitive Configuration Data to Log
Moderate
CVE-2019-3830
was published
for
ceilometer
(pip)
May 13, 2022
Mediawiki information disclosure vulnerability
Moderate
CVE-2018-0504
was published
for
mediawiki/core
(Composer)
May 13, 2022
Moodle sensitive information disclosure
Moderate
CVE-2018-10889
was published
for
moodle/moodle
(Composer)
May 13, 2022
ovirt-engine Logs Plaintext Passwords To File
Moderate
CVE-2017-15113
was published
for
org.ovirt.engine.sdk:ovirt-engine-sdk-java
(Maven)
May 13, 2022
•
withdrawn
Ansible Logs Passwords If PowerShell ScriptBlock is Enabled
Moderate
CVE-2018-16859
was published
for
ansible
(pip)
May 14, 2022
Insertion of Sensitive Information into Log File in Apache Tomcat
Moderate
CVE-2011-2204
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Plaintext Storage of a Password in Jenkins Configuration as Code Plugin
Moderate
CVE-2019-10345
was published
for
io.jenkins:configuration-as-code
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API