Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

667 advisories

Loading
IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive... Moderate Unreviewed
CVE-2023-30430 was published Jun 27, 2024
Bitbucket OAuth access token exposed in the build log by Bitbucket Branch Source Plugin Moderate
CVE-2024-39460 was published for org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (Maven) Jun 26, 2024
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p7, <2... Low Unreviewed
CVE-2024-28830 was published Jun 26, 2024
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a... Low Unreviewed
CVE-2024-29177 was published Jun 26, 2024
An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with... Unknown Unreviewed
CVE-2024-6060 was published Jun 26, 2024
go-retryablehttp can leak basic auth credentials to log files Moderate
CVE-2024-6104 was published for github.com/hashicorp/go-retryablehttp (Go) Jun 24, 2024
Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing... Moderate Unreviewed
CVE-2022-44587 was published Jun 21, 2024
SonarQube logs sensitive information Moderate
CVE-2024-38460 was published for org.sonarsource.sonarqube:sonar-web (Maven) Jun 16, 2024
The sessions are stored in clear-text logs. An attacker can retrieve authentication sessions. A... Moderate Unreviewed
CVE-2024-27157 was published Jun 14, 2024
The session cookies, used for authentication, are stored in clear-text logs. An attacker can... Moderate Unreviewed
CVE-2024-27156 was published Jun 14, 2024
Passwords are stored in clear-text logs. An attacker can retrieve passwords. As for the affected... Moderate Unreviewed
CVE-2024-27154 was published Jun 14, 2024
CWE-532: Insertion of Sensitive Information into Log File vulnerability exists that could cause... Moderate Unreviewed
CVE-2024-5557 was published Jun 12, 2024
A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user... Unknown Unreviewed
CVE-2024-5908 was published Jun 12, 2024
Insertion of Sensitive Information into Log File vulnerability in Octolize USPS Shipping for... Moderate Unreviewed
CVE-2024-32811 was published Jun 9, 2024
Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C... Unknown Unreviewed
CVE-2024-0912 was published Jun 6, 2024
Insertion of Sensitive Information into Log File vulnerability in Code Parrots Easy Forms for... High Unreviewed
CVE-2024-25095 was published Jun 4, 2024
apko Exposure of HTTP basic auth credentials in log output High
CVE-2024-36127 was published for chainguard.dev/apko (Go) Jun 4, 2024
kolloch
Insertion of Sensitive Information into Log File vulnerability in Lukman Nakib Debug Log – Manger... Moderate Unreviewed
CVE-2024-34798 was published Jun 3, 2024
Slack integration leaks sensitive information in logs Low
CVE-2024-35196 was published for sentry (pip) Jun 2, 2024
asottile asottile-sentry
Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability Low
CVE-2024-34715 was published for ethyca-fides (pip) May 29, 2024
tariqajyusuf pattisdr
goreleaser shows environment by default Moderate
GHSA-f6mm-5fc7-3g3c was published for github.com/goreleaser/goreleaser (Go) May 15, 2024
xrstf xmudrii
caarlos0
source-controller leaks Azure Storage SAS token into logs Moderate
CVE-2024-31216 was published for github.com/fluxcd/source-controller (Go) May 15, 2024
azure-file-csi-driver leaks service account tokens in the logs Moderate
CVE-2024-3744 was published for sigs.k8s.io/azurefile-csi-driver (Go) May 15, 2024
Insertion of Sensitive Information into Log File vulnerability in AlexaCRM Dynamics 365... Moderate Unreviewed
CVE-2024-34550 was published May 14, 2024
Insertion of Sensitive Information into Log File vulnerability in Ghost Foundation Ghost.This... High Unreviewed
CVE-2024-34559 was published May 14, 2024
ProTip! Advisories are also available from the GraphQL API