GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
28 advisories
Filter by severity
Vault Leaks Client Token and Token Accessor in Audit Devices
Moderate
CVE-2024-8365
was published
for
github.com/hashicorp/vault
(Go)
Sep 2, 2024
APM Server vulnerable to Insertion of Sensitive Information into Log File
Moderate
CVE-2024-37286
was published
for
github.com/elastic/apm-server
(Go)
Aug 3, 2024
go-retryablehttp can leak basic auth credentials to log files
Moderate
CVE-2024-6104
was published
for
github.com/hashicorp/go-retryablehttp
(Go)
Jun 24, 2024
goreleaser shows environment by default
Moderate
GHSA-f6mm-5fc7-3g3c
was published
for
github.com/goreleaser/goreleaser
(Go)
May 15, 2024
source-controller leaks Azure Storage SAS token into logs
Moderate
CVE-2024-31216
was published
for
github.com/fluxcd/source-controller
(Go)
May 15, 2024
azure-file-csi-driver leaks service account tokens in the logs
Moderate
CVE-2024-3744
was published
for
sigs.k8s.io/azurefile-csi-driver
(Go)
May 15, 2024
Sensitive Information leak via Log File in Kubernetes
Moderate
CVE-2020-8563
was published
for
github.com/kubernetes/kubernetes
(Go)
Apr 24, 2024
Sensitive Information leak via Log File in Kubernetes
Moderate
CVE-2020-8566
was published
for
github.com/kubernetes/kubernetes
(Go)
Apr 24, 2024
Apache Solr Operator liveness and readiness probes may leak basic auth credentials
Moderate
CVE-2024-31391
was published
for
github.com/apache/solr-operator
(Go)
Apr 12, 2024
Hashicorp Vault may expose sensitive log information
Moderate
CVE-2024-0831
was published
for
github.com/hashicorp/vault
(Go)
Feb 1, 2024
`goreleaser release --debug` shows secrets
Moderate
CVE-2024-23840
was published
for
github.com/goreleaser/goreleaser
(Go)
Jan 30, 2024
CubeFS leaks users key in logs
Moderate
CVE-2023-46742
was published
for
github.com/cubefs/cubefs
(Go)
Jan 3, 2024
Elastic Beats inserts sensitive information into log file
Moderate
CVE-2023-49922
was published
for
github.com/elastic/beats
(Go)
Dec 12, 2023
SpiceDB leaks information in log files when URI cannot be parsed
Moderate
CVE-2023-46255
was published
for
github.com/authzed/spicedb
(Go)
Oct 31, 2023
ydb-go-sdk token in custom credentials object can leak through logs
Moderate
CVE-2023-45825
was published
for
github.com/ydb-platform/ydb-go-sdk/v3
(Go)
Oct 19, 2023
Improper log output when using GitHub Status Notifications in spinnaker
Moderate
CVE-2023-39348
was published
for
github.com/spinnaker/spinnaker
(Go)
Aug 29, 2023
Mattermost fails to sanitize post metadata
Moderate
CVE-2023-4108
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Aug 11, 2023
secrets-store-csi-driver discloses service account tokens in logs
Moderate
CVE-2023-2878
was published
for
sigs.k8s.io/secrets-store-csi-driver
(Go)
May 26, 2023
OpenShift Assisted Installer leaks image pull secrets as plaintext in installation logs
Moderate
CVE-2021-3684
was published
for
github.com/openshift/assisted-installer
(Go)
Mar 24, 2023
Argo CD leaks repository credentials in user-facing error messages and in logs
Moderate
CVE-2023-25163
was published
for
github.com/argoproj/argo-cd/v2
(Go)
Feb 8, 2023
Credential disclosure in syft when SYFT_ATTEST_PASSWORD environment variable set
Moderate
CVE-2023-24827
was published
for
github.com/anchore/syft
(Go)
Feb 8, 2023
Kubernetes client-go vulnerable to Sensitive Information Leak via Log File
Moderate
CVE-2020-8565
was published
for
k8s.io/client-go
(Go)
Feb 6, 2023
Kubernetes Sensitive Information leak via Log File
Moderate
CVE-2020-8564
was published
for
github.com/kubernetes/kubernetes
(Go)
Feb 6, 2023
Heketi logs sensitive information
Moderate
CVE-2020-10763
was published
for
github.com/heketi/heketi
(Go)
May 24, 2022
Kubernetes client-go library logs may disclose credentials to unauthorized users
Moderate
CVE-2019-11250
was published
for
k8s.io/client-go
(Go)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API