Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,950
Maven
5,000+
npm
4,596
NuGet
787
pip
4,301
Pub
12
RubyGems
982
Rust
1,121
Swift
49
Unreviewed advisories
All unreviewed
5,000+

207 advisories

Loading
Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7... High Unreviewed
CVE-2018-15797 was published May 13, 2022
A sensitive data disclosure flaw was found in the Elasticsearch repository-azure (formerly... High Unreviewed
CVE-2018-3827 was published May 13, 2022
A password management issue exists where the Organization authentication username and password... High Unreviewed
CVE-2019-0032 was published May 13, 2022
It was discovered that a world-readable log file belonging to Candlepin component of Red Hat... High Unreviewed
CVE-2019-3891 was published May 13, 2022
Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive... High Unreviewed
CVE-2018-7683 was published May 13, 2022
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI... High Unreviewed
CVE-2016-9882 was published May 13, 2022
Openstack Octavia allows Insertion of Sensitive Information into Log File High
CVE-2018-16856 was published for octavia (pip) May 13, 2022
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and... High Unreviewed
CVE-2019-3500 was published May 13, 2022
Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log... High Unreviewed
CVE-2016-0879 was published May 13, 2022
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to read configuration... High Unreviewed
CVE-2016-0875 was published May 13, 2022
Moodle backs up private files High
CVE-2012-1156 was published for moodle/moodle (Composer) Apr 23, 2022
An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker can... High Unreviewed
CVE-2021-45103 was published Apr 7, 2022
Sensitive Auth & Cookie data stored in Jupyter server logs High
CVE-2022-24758 was published for notebook (pip) Apr 5, 2022
3coins
Credited to 3coins
TPCMS v3.2 allows attackers to access the ThinkPHP log directory and obtain sensitive information... High Unreviewed
CVE-2022-27442 was published Apr 5, 2022
Insertion of Sensitive Information into Log File in Jupyter notebook High
CVE-2022-24757 was published for jupyter-server (pip) Mar 25, 2022
3coins
Credited to 3coins
A flaw was found in KeePass. The vulnerability occurs due to logging the plain text passwords in... High Unreviewed
CVE-2022-0725 was published Mar 11, 2022
HashiCorp Terraform Enterprise before 202202-1 inserts Sensitive Information into a Log File. High Unreviewed
CVE-2022-25374 was published Feb 26, 2022
Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain a sensitive information disclosure... High Unreviewed
CVE-2021-36289 was published Jan 27, 2022
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions <... High Unreviewed
CVE-2021-45034 was published Jan 12, 2022
Insertion of Sensitive Information into Log File in Apache Geode High
CVE-2021-34797 was published for org.apache.geode:geode-core (Maven) Jan 6, 2022
Insertion of Sensitive Information into Log File in Apache NiFi Stateless High
CVE-2020-9486 was published for org.apache.nifi:nifi-stateless (Maven) Jan 6, 2022
Insertion of Sensitive Information into Log File in Apache NiFi High
CVE-2020-1942 was published for org.apache.nifi:nifi-framework-core (Maven) Jan 6, 2022
Mattermost 6.0.2 and earlier fails to sufficiently sanitize user's password in audit logs when... High Unreviewed
CVE-2021-37861 was published Dec 10, 2021
Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read application... High Unreviewed
CVE-2021-38283 was published Nov 30, 2021
Sensitive information could be logged. The following products are affected: Acronis Agent ... High Unreviewed
CVE-2021-34800 was published Nov 30, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database