GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,618
NuGet
638
pip
3,231
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+
703 advisories
Filter by severity
Ceilometer Prints Sensitive Configuration Data to Log
Moderate
CVE-2019-3830
was published
for
ceilometer
(pip)
May 13, 2022
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 17.1.7...
Moderate
Unreviewed
CVE-2024-4472
was published
Sep 12, 2024
Argo CD leaks repository credentials in user-facing error messages and in logs
Moderate
CVE-2023-25163
was published
for
github.com/argoproj/argo-cd/v2
(Go)
Feb 8, 2023
A vulnerability identified in OpenText™
Identity Manager AzureAD Driver that allows logging of...
Moderate
Unreviewed
CVE-2021-22518
was published
Sep 12, 2024
Possible Insertion of Sensitive Information into Log File Vulnerability
in Identity Manager has...
Moderate
Unreviewed
CVE-2022-26322
was published
Sep 12, 2024
Possible Insertion of Sensitive Information into Log File Vulnerability
in eDirectory has been...
Moderate
Unreviewed
CVE-2021-22533
was published
Sep 12, 2024
Sensitive Information Exposure Through Insecure Logging For Secrets Like Metadata.DockerBuildArgs
Moderate
GHSA-rjc6-vm4h-85cg
was published
for
aws-sam-cli
(pip)
Sep 11, 2024
AWS SageMaker Training Toolkit logs CodeArtifact Authorization token
Moderate
GHSA-635v-pc42-fr74
was published
for
sagemaker-training
(pip)
Sep 11, 2024
Ansible leaks sensitive information to logs when told not to
Moderate
CVE-2019-14858
was published
for
ansible
(pip)
May 24, 2022
Insertion of Sensitive Information into Log File in ansible
Moderate
CVE-2021-20191
was published
for
ansible
(pip)
Jun 1, 2021
A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2)....
Moderate
Unreviewed
CVE-2024-42344
was published
Sep 10, 2024
A vulnerability has been identified in SINUMERIK 828D V4 (All versions < V4.95 SP3), SINUMERIK...
Moderate
Unreviewed
CVE-2024-43781
was published
Sep 10, 2024
Insertion of Sensitive Information into Log File, Invocation of Process Using Visible Sensitive Information, and Exposure of Sensitive Information to an Unauthorized Actor in Ansible
Moderate
CVE-2020-1753
was published
for
ansible
(pip)
Apr 7, 2021
Ansible Uses Plugins That Disclose Credentials
High
CVE-2019-14846
was published
for
ansible
(pip)
May 24, 2022
Vault Leaks Client Token and Token Accessor in Audit Devices
Moderate
CVE-2024-8365
was published
for
github.com/hashicorp/vault
(Go)
Sep 2, 2024
Improper Output Neutralization and Improper Encoding or Escaping of Output for Logs in ansible
Moderate
CVE-2020-14330
was published
for
ansible
(pip)
Feb 9, 2022
Insertion of Sensitive Information into Log File and Improper Output Neutralization for Logs in ansible
Moderate
CVE-2020-14332
was published
for
ansible
(pip)
Feb 9, 2022
Insertion of Sensitive Information into Log File in ansible
Moderate
CVE-2021-20178
was published
for
ansible
(pip)
Jun 1, 2021
Inclusion of Sensitive Information in Log Files and Improper Output Neutralization for Logs in Ansible
Moderate
CVE-2019-14864
was published
for
ansible
(pip)
Feb 26, 2020
Ansible Insertion of Sensitive Information into Log File vulnerability
Critical
CVE-2017-7550
was published
for
ansible
(pip)
May 13, 2022
Ansible Logs Passwords If PowerShell ScriptBlock is Enabled
Moderate
CVE-2018-16859
was published
for
ansible
(pip)
May 14, 2022
Ansible exposes sensitive data in log files and on the terminal
Moderate
CVE-2018-10855
was published
for
ansible
(pip)
Oct 10, 2018
An issue discovered in Unisys Stealth 5.3.062.0 allows attackers to view sensitive information...
High
Unreviewed
CVE-2024-23758
was published
Feb 21, 2024
A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker...
High
Unreviewed
CVE-2024-20440
was published
Sep 4, 2024
The com.cascadialabs.who (aka Who - Caller ID, Spam Block) application 15.0 for Android places...
Low
Unreviewed
CVE-2024-40096
was published
Aug 5, 2024
ProTip!
Advisories are also available from the
GraphQL API