GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
43 advisories
Filter by severity
Helm OCI credentials leaked into Argo CD logs
Moderate
GHSA-6w87-g839-9wv7
was published
for
github.com/argoproj/argo-cd
(Go)
May 21, 2021
Weave GitOps leaked cluster credentials into logs on connection errors
Critical
CVE-2022-31098
was published
for
github.com/weaveworks/weave-gitops
(Go)
Jun 23, 2022
Traefik may display authorization header in the debug logs
Low
CVE-2022-23469
was published
for
github.com/traefik/traefik/v2
(Go)
Dec 8, 2022
Insertion of Sensitive Information into Log File in Hashicorp go-getter
Moderate
CVE-2022-29810
was published
for
github.com/hashicorp/go-getter
(Go)
Apr 28, 2022
Credential disclosure in syft when SYFT_ATTEST_PASSWORD environment variable set
Moderate
CVE-2023-24827
was published
for
github.com/anchore/syft
(Go)
Feb 8, 2023
OpenShift Assisted Installer leaks image pull secrets as plaintext in installation logs
Moderate
CVE-2021-3684
was published
for
github.com/openshift/assisted-installer
(Go)
Mar 24, 2023
Secret insertion into debug log in Docker
High
CVE-2019-13509
was published
for
github.com/docker/docker
(Go)
May 24, 2022
Information Disclosure in go.elastic.co/apm
Low
CVE-2021-22133
was published
for
go.elastic.co/apm
(Go)
May 18, 2021
Information Exposure in jaeger
Moderate
CVE-2020-10750
was published
for
github.com/jaegertracing/jaeger
(Go)
May 18, 2021
Information Disclosure in HashiCorp Vault
High
CVE-2020-13223
was published
for
github.com/hashicorp/vault
(Go)
May 18, 2021
SpiceDB leaks information in log files when URI cannot be parsed
Moderate
CVE-2023-46255
was published
for
github.com/authzed/spicedb
(Go)
Oct 31, 2023
Argo CD cluster secret might leak in cluster details page
Critical
CVE-2023-40029
was published
for
github.com/argoproj/argo-cd/v2
(Go)
Sep 11, 2023
Weave GitOps Terraform Controller Information Disclosure Vulnerability
High
CVE-2023-34236
was published
for
github.com/weaveworks/tf-controller
(Go)
Jul 14, 2023
Improper log output when using GitHub Status Notifications in spinnaker
Moderate
CVE-2023-39348
was published
for
github.com/spinnaker/spinnaker
(Go)
Aug 29, 2023
secrets-store-csi-driver discloses service account tokens in logs
Moderate
CVE-2023-2878
was published
for
sigs.k8s.io/secrets-store-csi-driver
(Go)
May 26, 2023
Mattermost fails to sanitize post metadata
Moderate
CVE-2023-4108
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Aug 11, 2023
Debug mode leaks confidential data in Cilium
High
CVE-2023-29002
was published
for
github.com/cilium/cilium
(Go)
Apr 19, 2023
Headscale writes bearer tokens to info-level logs
High
CVE-2023-47390
was published
for
github.com/juanfont/headscale
(Go)
Nov 11, 2023
ydb-go-sdk token in custom credentials object can leak through logs
Moderate
CVE-2023-45825
was published
for
github.com/ydb-platform/ydb-go-sdk/v3
(Go)
Oct 19, 2023
`goreleaser release --debug` shows secrets
Moderate
CVE-2024-23840
was published
for
github.com/goreleaser/goreleaser
(Go)
Jan 30, 2024
Hashicorp Vault may expose sensitive log information
Moderate
CVE-2024-0831
was published
for
github.com/hashicorp/vault
(Go)
Feb 1, 2024
Insecure Variable Substitution in Vela
High
CVE-2024-28236
was published
for
github.com/go-vela/worker
(Go)
Mar 14, 2024
Sensitive Information leak via Log File in Kubernetes
Moderate
CVE-2020-8566
was published
for
github.com/kubernetes/kubernetes
(Go)
Apr 24, 2024
Sensitive Information leak via Log File in Kubernetes
Moderate
CVE-2020-8563
was published
for
github.com/kubernetes/kubernetes
(Go)
Apr 24, 2024
Heketi logs sensitive information
Moderate
CVE-2020-10763
was published
for
github.com/heketi/heketi
(Go)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API