Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,760
NuGet
678
pip
3,446
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

151 advisories

Loading
Secret insertion into debug log in Docker High
CVE-2019-13509 was published for github.com/docker/docker (Go) May 24, 2022
joshbressers
OpenStack Glance sensitive information disclosure via logs Moderate
CVE-2014-1948 was published for glance (pip) May 17, 2022
OpenStack Nova logs sensitive context from notification exceptions Critical
CVE-2017-7214 was published for nova (pip) May 14, 2022
django-anymail Includes Sensitive Information in Log Files Critical
CVE-2018-1000089 was published for django-anymail (pip) May 14, 2022
westonsteimel
Insertion of Sensitive Information into Log File in Apache Tomcat Moderate
CVE-2011-2204 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Ansible Logs Passwords If PowerShell ScriptBlock is Enabled Moderate
CVE-2018-16859 was published for ansible (pip) May 14, 2022
Jenkins SSH Agent Plugin exposes SSH private key password to users with permission to read the build log Low
CVE-2018-1999036 was published for org.jenkins-ci.plugins:ssh-agent (Maven) May 13, 2022
ovirt-engine Logs Plaintext Passwords To File Moderate
CVE-2017-15113 was published for org.ovirt.engine.sdk:ovirt-engine-sdk-java (Maven) May 13, 2022 withdrawn
Moodle sensitive information disclosure Moderate
CVE-2018-10889 was published for moodle/moodle (Composer) May 13, 2022
Mediawiki information disclosure vulnerability Moderate
CVE-2018-0504 was published for mediawiki/core (Composer) May 13, 2022
Ceilometer Prints Sensitive Configuration Data to Log Moderate
CVE-2019-3830 was published for ceilometer (pip) May 13, 2022
Openstack Octavia allows Insertion of Sensitive Information into Log File High
CVE-2018-16856 was published for octavia (pip) May 13, 2022
Ansible Insertion of Sensitive Information into Log File vulnerability Critical
CVE-2017-7550 was published for ansible (pip) May 13, 2022
MoinMoin Insertion of Sensitive Information into Log File Moderate
CVE-2007-0902 was published for moin (pip) May 1, 2022
Insertion of Sensitive Information into Log File in Hashicorp go-getter Moderate
CVE-2022-29810 was published for github.com/hashicorp/go-getter (Go) Apr 28, 2022
jhutchings1
Moodle backs up private files High
CVE-2012-1156 was published for moodle/moodle (Composer) Apr 23, 2022
Azure SDK for .NET Information Disclosure Vulnerability. Moderate
CVE-2022-26907 was published for Microsoft.Rest.ClientRuntime (NuGet) Apr 16, 2022
Sensitive Auth & Cookie data stored in Jupyter server logs High
CVE-2022-24758 was published for notebook (pip) Apr 5, 2022
3coins
Insertion of Sensitive Information into Log File in Jupyter notebook High
CVE-2022-24757 was published for jupyter-server (pip) Mar 25, 2022
3coins
Insertion of Sensitive Information into Log File in ansible Moderate
CVE-2021-20180 was published for ansible (pip) Mar 17, 2022
KamilaBorowska
Sensitive parameter values captured in build metadata files by Jenkins Parameterized Trigger Plugin Low
CVE-2022-27195 was published for org.jenkins-ci.plugins:parameterized-trigger (Maven) Mar 16, 2022
NotMyFault
Wildfly logs plaintext passwords Moderate
CVE-2020-25640 was published for org.wildfly:wildfly-parent (Maven) Feb 15, 2022
Improper Output Neutralization and Improper Encoding or Escaping of Output for Logs in ansible Moderate
CVE-2020-14330 was published for ansible (pip) Feb 9, 2022
Insertion of Sensitive Information into Log File and Improper Output Neutralization for Logs in ansible Moderate
CVE-2020-14332 was published for ansible (pip) Feb 9, 2022
jhampson-dbre
loguru vulnerable to improper privilege management Moderate
CVE-2022-0338 was published for loguru (pip) Jan 26, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database