Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,760
NuGet
678
pip
3,446
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

767 advisories

Loading
Inclusion of Sensitive Information in Log Files and Improper Output Neutralization for Logs in Ansible Moderate
CVE-2019-14864 was published for ansible (pip) Feb 26, 2020
Ansible Insertion of Sensitive Information into Log File vulnerability Critical
CVE-2017-7550 was published for ansible (pip) May 13, 2022
Ansible Logs Passwords If PowerShell ScriptBlock is Enabled Moderate
CVE-2018-16859 was published for ansible (pip) May 14, 2022
An issue discovered in Unisys Stealth 5.3.062.0 allows attackers to view sensitive information... High Unreviewed
CVE-2024-23758 was published Feb 21, 2024
A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker... High Unreviewed
CVE-2024-20440 was published Sep 4, 2024
The com.cascadialabs.who (aka Who - Caller ID, Spam Block) application 15.0 for Android places... Low Unreviewed
CVE-2024-40096 was published Aug 5, 2024
Insertion of Sensitive Information into Log Files in M-Files Server in M-Files before 22.10.11846... High Unreviewed
CVE-2022-4858 was published Dec 30, 2022
Retool (self-hosted enterprise) through 3.40.0 inserts resource authentication credentials into... Moderate Unreviewed
CVE-2024-42056 was published Aug 22, 2024
Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 allows local... Low Unreviewed
CVE-2023-6287 was published Nov 27, 2023
Passwords of agents and customers are displayed in plain text in the OTRS admin log module if... High Unreviewed
CVE-2024-43444 was published Aug 26, 2024
spaces_plugin/app.py in SolidUI 0.4.0 has an unnecessary print statement for an OpenAI key. The... High Unreviewed
CVE-2024-34527 was published May 6, 2024
When generating QKView of BIG-IP Next instance from the BIG-IP Next Central Manager (CM), F5... Moderate Unreviewed
CVE-2024-41719 was published Aug 14, 2024
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All... High Unreviewed
CVE-2024-41978 was published Aug 13, 2024
An issue was discovered whereby Elastic Agent will leak secrets from the agent policy elastic... Moderate Unreviewed
CVE-2024-37283 was published Aug 12, 2024
Information exposure in the logging system in Yugabyte Platform allows local attackers with... Moderate Unreviewed
CVE-2024-0006 was published Jul 19, 2024
APM Server vulnerable to Insertion of Sensitive Information into Log File Moderate
CVE-2024-37286 was published for github.com/elastic/apm-server (Go) Aug 3, 2024
A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user... Moderate Unreviewed
CVE-2024-5908 was published Jun 12, 2024
Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C... High Unreviewed
CVE-2024-0912 was published Jun 6, 2024
CubeFS leaks users key in logs Moderate
CVE-2023-46742 was published for github.com/cubefs/cubefs (Go) Jan 3, 2024
AdamKorcz
A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b... Moderate Unreviewed
CVE-2024-29954 was published Jun 26, 2024
Steeltoe Leaks Basic Auth Credentials to Logs After Fetch Registry Error Low
CVE-2024-40636 was published for Steeltoe.Discovery.ClientAutofac (NuGet) Jul 17, 2024
Elasticsearch Insertion of Sensitive Information into Log File Moderate
CVE-2023-49921 was published for org.elasticsearch:elasticsearch (Maven) Jul 26, 2024
IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive... Moderate Unreviewed
CVE-2024-38321 was published Aug 3, 2024
Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files Moderate
CVE-2024-41178 was published for object_store (Rust) Jul 23, 2024
oscerd
ops leaking secrets if `subprocess.CalledProcessError` happens with a `secret-*` CLI command Moderate
CVE-2024-41129 was published for ops (pip) Jul 22, 2024
phvalguima
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database