Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,618
NuGet
638
pip
3,231
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+

703 advisories

Loading
Ceilometer Prints Sensitive Configuration Data to Log Moderate
CVE-2019-3830 was published for ceilometer (pip) May 13, 2022
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 17.1.7... Moderate Unreviewed
CVE-2024-4472 was published Sep 12, 2024
Argo CD leaks repository credentials in user-facing error messages and in logs Moderate
CVE-2023-25163 was published for github.com/argoproj/argo-cd/v2 (Go) Feb 8, 2023
andrewpollock
A vulnerability identified in OpenText™ Identity Manager AzureAD Driver that allows logging of... Moderate Unreviewed
CVE-2021-22518 was published Sep 12, 2024
Possible Insertion of Sensitive Information into Log File Vulnerability in Identity Manager has... Moderate Unreviewed
CVE-2022-26322 was published Sep 12, 2024
Possible Insertion of Sensitive Information into Log File Vulnerability in eDirectory has been... Moderate Unreviewed
CVE-2021-22533 was published Sep 12, 2024
Sensitive Information Exposure Through Insecure Logging For Secrets Like Metadata.DockerBuildArgs Moderate
GHSA-rjc6-vm4h-85cg was published for aws-sam-cli (pip) Sep 11, 2024
AWS SageMaker Training Toolkit logs CodeArtifact Authorization token Moderate
GHSA-635v-pc42-fr74 was published for sagemaker-training (pip) Sep 11, 2024
Ansible leaks sensitive information to logs when told not to Moderate
CVE-2019-14858 was published for ansible (pip) May 24, 2022
Insertion of Sensitive Information into Log File in ansible Moderate
CVE-2021-20191 was published for ansible (pip) Jun 1, 2021
A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2).... Moderate Unreviewed
CVE-2024-42344 was published Sep 10, 2024
A vulnerability has been identified in SINUMERIK 828D V4 (All versions < V4.95 SP3), SINUMERIK... Moderate Unreviewed
CVE-2024-43781 was published Sep 10, 2024
Insertion of Sensitive Information into Log File, Invocation of Process Using Visible Sensitive Information, and Exposure of Sensitive Information to an Unauthorized Actor in Ansible Moderate
CVE-2020-1753 was published for ansible (pip) Apr 7, 2021
Ansible Uses Plugins That Disclose Credentials High
CVE-2019-14846 was published for ansible (pip) May 24, 2022
Vault Leaks Client Token and Token Accessor in Audit Devices Moderate
CVE-2024-8365 was published for github.com/hashicorp/vault (Go) Sep 2, 2024
Improper Output Neutralization and Improper Encoding or Escaping of Output for Logs in ansible Moderate
CVE-2020-14330 was published for ansible (pip) Feb 9, 2022
Insertion of Sensitive Information into Log File and Improper Output Neutralization for Logs in ansible Moderate
CVE-2020-14332 was published for ansible (pip) Feb 9, 2022
jhampson-dbre
Insertion of Sensitive Information into Log File in ansible Moderate
CVE-2021-20178 was published for ansible (pip) Jun 1, 2021
Inclusion of Sensitive Information in Log Files and Improper Output Neutralization for Logs in Ansible Moderate
CVE-2019-14864 was published for ansible (pip) Feb 26, 2020
Ansible Insertion of Sensitive Information into Log File vulnerability Critical
CVE-2017-7550 was published for ansible (pip) May 13, 2022
Ansible Logs Passwords If PowerShell ScriptBlock is Enabled Moderate
CVE-2018-16859 was published for ansible (pip) May 14, 2022
Ansible exposes sensitive data in log files and on the terminal Moderate
CVE-2018-10855 was published for ansible (pip) Oct 10, 2018
An issue discovered in Unisys Stealth 5.3.062.0 allows attackers to view sensitive information... High Unreviewed
CVE-2024-23758 was published Feb 21, 2024
A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker... High Unreviewed
CVE-2024-20440 was published Sep 4, 2024
The com.cascadialabs.who (aka Who - Caller ID, Spam Block) application 15.0 for Android places... Low Unreviewed
CVE-2024-40096 was published Aug 5, 2024
ProTip! Advisories are also available from the GraphQL API