GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
440 advisories
Potential unauthorized access to stored request & session data when plugin is misconfigured in October CMS Debugbar
Moderate | CVE-2020-11094 was published for rainlab/debugbar-plugin (Composer) Jun 3, 2020

Helm OCI credentials leaked into Argo CD logs
Moderate | GHSA-6w87-g839-9wv7 was published for github.com/argoproj/argo-cd (Go) May 21, 2021

CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.856 through 0.9.8.864 allows an attacker to...
Moderate | Unreviewed | CVE-2019-14782 was published May 24, 2022

Insertion of Sensitive Information into Log File in ansible
Moderate | CVE-2021-20180 was published for ansible (pip) Mar 17, 2022

In CMDBuild from version 3.0 to 3.3.2 payload requests are saved in a temporary log table, which...
Moderate | Unreviewed | CVE-2022-25518 was published Mar 24, 2022

Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be...
Moderate | Unreviewed | CVE-2022-28774 was published May 12, 2022

Insertion of Sensitive Information into Log File in Elasticsearch
Moderate | CVE-2020-7021 was published for org.elasticsearch:elasticsearch (Maven) May 24, 2022

In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an...
Moderate | Unreviewed | CVE-2019-15508 was published May 24, 2022

Insertion of Sensitive Information into Log File in Jenkins Mask Passwords Plugin
Moderate | CVE-2019-10370 was published for org.jenkins-ci.plugins:mask-passwords (Maven) May 24, 2022

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway...
Moderate | Unreviewed | CVE-2022-20807 was published May 28, 2022

In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an...
Moderate | Unreviewed | CVE-2019-15507 was published May 24, 2022

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway...
Moderate | Unreviewed | CVE-2022-20809 was published May 27, 2022

Exposure of Sensitive Information in Gradle publish plugin
Moderate | CVE-2020-7599 was published for com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin (Maven) May 24, 2022

Sensitive information exposure in Sign-in log in Samsung Account prior to version 13.2.00.6...
Moderate | Unreviewed | CVE-2022-30733 was published Jun 8, 2022

Couchbase Server 6.6.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized...
Moderate | Unreviewed | CVE-2022-32193 was published Jun 14, 2022

Multiple vulnerabilities in the web-based management interface of Cisco Business Process...
Moderate | Unreviewed | CVE-2021-1576 was published May 24, 2022

Windows Desired State Configuration (DSC) Information Disclosure Vulnerability.
Moderate | Unreviewed | CVE-2022-30148 was published Jun 16, 2022

rsyslog uses weak permissions for generating log files, which allows local users to obtain...
Moderate | Unreviewed | CVE-2015-3243 was published May 17, 2022

A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and...
Moderate | Unreviewed | CVE-2022-20768 was published Jul 7, 2022

An issue was discovered in Couchbase Server 7.x before 7.0.4. Field names are not redacted in...
Moderate | Unreviewed | CVE-2022-33911 was published Jul 13, 2022

IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be...
Moderate | Unreviewed | CVE-2016-9985 was published May 17, 2022

An issue was discovered on SendQuick Entera and Avera devices before 2HF16. An attacker could...
Moderate | Unreviewed | CVE-2017-5137 was published May 17, 2022

VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged...
Moderate | Unreviewed | CVE-2022-31674 was published Aug 11, 2022

In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in...
Moderate | Unreviewed | CVE-2022-36321 was published Jul 21, 2022

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sensitive information in log...
Moderate | Unreviewed | CVE-2016-8912 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API