Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,050
Erlang
29
GitHub Actions
19
Go
1,876
Maven
5,000+
npm
3,602
NuGet
638
pip
3,199
Pub
10
RubyGems
852
Rust
813
Swift
35
Unreviewed advisories
All unreviewed
5,000+

693 advisories

Vault Leaks Client Token and Token Accessor in Audit Devices Moderate
CVE-2024-8365 was published for github.com/hashicorp/vault (Go) Sep 2, 2024
Passwords of agents and customers are displayed in plain text in the OTRS admin log module if... High Unreviewed
CVE-2024-43444 was published Aug 26, 2024
Retool (self-hosted enterprise) through 3.40.0 inserts resource authentication credentials into... Moderate Unreviewed
CVE-2024-42056 was published Aug 22, 2024
When generating QKView of BIG-IP Next instance from the BIG-IP Next Central Manager (CM), F5... Moderate Unreviewed
CVE-2024-41719 was published Aug 14, 2024
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All... High Unreviewed
CVE-2024-41978 was published Aug 13, 2024
An issue was discovered whereby Elastic Agent will leak secrets from the agent policy elastic... Moderate Unreviewed
CVE-2024-37283 was published Aug 12, 2024
The com.cascadialabs.who (aka Who - Caller ID, Spam Block) application 15.0 for Android places... Low Unreviewed
CVE-2024-40096 was published Aug 5, 2024
APM Server vulnerable to Insertion of Sensitive Information into Log File Moderate
CVE-2024-37286 was published for github.com/elastic/apm-server (Go) Aug 3, 2024
IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive... Moderate Unreviewed
CVE-2024-38321 was published Aug 3, 2024
A vulnerability in Cato Networks SDP Client on Windows allows the insertion of sensitive... Moderate Unreviewed
CVE-2024-6977 was published Jul 31, 2024
Elasticsearch Insertion of Sensitive Information into Log File Moderate
CVE-2023-49921 was published for org.elasticsearch:elasticsearch (Maven) Jul 26, 2024
Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files Moderate
CVE-2024-41178 was published for object_store (Rust) Jul 23, 2024
oscerd
ops leaking secrets if `subprocess.CalledProcessError` happens with a `secret-*` CLI command Moderate
CVE-2024-41129 was published for ops (pip) Jul 22, 2024
phvalguima
In JetBrains TeamCity before 2024.07 parameters of the "password" type could leak into the build... Moderate Unreviewed
CVE-2024-41824 was published Jul 22, 2024
Information exposure in the logging system in Yugabyte Platform allows local attackers with... Moderate Unreviewed
CVE-2024-0006 was published Jul 19, 2024
Steeltoe Leaks Basic Auth Credentials to Logs After Fetch Registry Error Low
CVE-2024-40636 was published for Steeltoe.Discovery.ClientAutofac (NuGet) Jul 17, 2024
An Insertion of Sensitive Information into Log File vulnerability in Juniper Networks Junos OS... Moderate Unreviewed
CVE-2024-39532 was published Jul 11, 2024
Insertion of Sensitive Information into Log File vulnerability in TrustedLogin TrustedLogin... Moderate Unreviewed
CVE-2024-37270 was published Jul 10, 2024
Insertion of Sensitive Information into Log File vulnerability in SERVIT Software Solutions.This... Moderate Unreviewed
CVE-2024-37205 was published Jul 10, 2024
Multiple Exposure of sensitive information to an unauthorized actor vulnerabilities [CWE-200] in... High Unreviewed
CVE-2024-27784 was published Jul 9, 2024
An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The Special... Moderate Unreviewed
CVE-2024-40596 was published Jul 7, 2024
An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The API can... Moderate Unreviewed
CVE-2024-40598 was published Jul 7, 2024
Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355... Moderate Unreviewed
CVE-2022-25477 was published Jul 2, 2024
Under certain circumstances unnecessary user details are provided within system logs Moderate Unreviewed
CVE-2024-32757 was published Jul 2, 2024
IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive... Moderate Unreviewed
CVE-2023-30430 was published Jun 27, 2024
ProTip! Advisories are also available from the GraphQL API