GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
43 advisories
Filter by severity
Information Disclosure in HashiCorp Vault
High
CVE-2020-13223
was published
for
github.com/hashicorp/vault
(Go)
May 18, 2021
Information Disclosure in go.elastic.co/apm
Low
CVE-2021-22133
was published
for
go.elastic.co/apm
(Go)
May 18, 2021
Information Exposure in jaeger
Moderate
CVE-2020-10750
was published
for
github.com/jaegertracing/jaeger
(Go)
May 18, 2021
Helm OCI credentials leaked into Argo CD logs
Moderate
GHSA-6w87-g839-9wv7
was published
for
github.com/argoproj/argo-cd
(Go)
May 21, 2021
Insertion of Sensitive Information into Log File in Hashicorp go-getter
Moderate
CVE-2022-29810
was published
for
github.com/hashicorp/go-getter
(Go)
Apr 28, 2022
Secret insertion into debug log in Docker
High
CVE-2019-13509
was published
for
github.com/docker/docker
(Go)
May 24, 2022
Kubernetes client-go library logs may disclose credentials to unauthorized users
Moderate
CVE-2019-11250
was published
for
k8s.io/client-go
(Go)
May 24, 2022
Heketi logs sensitive information
Moderate
CVE-2020-10763
was published
for
github.com/heketi/heketi
(Go)
May 24, 2022
Weave GitOps leaked cluster credentials into logs on connection errors
Critical
CVE-2022-31098
was published
for
github.com/weaveworks/weave-gitops
(Go)
Jun 23, 2022
HashiCorp Consul Template could reveal Vault secret contents in error messages
High
CVE-2022-38149
was published
for
github.com/hashicorp/consul-template
(Go)
Aug 18, 2022
Traefik may display authorization header in the debug logs
Low
CVE-2022-23469
was published
for
github.com/traefik/traefik/v2
(Go)
Dec 8, 2022
Kubernetes Sensitive Information leak via Log File
Moderate
CVE-2020-8564
was published
for
github.com/kubernetes/kubernetes
(Go)
Feb 6, 2023
Kubernetes client-go vulnerable to Sensitive Information Leak via Log File
Moderate
CVE-2020-8565
was published
for
k8s.io/client-go
(Go)
Feb 6, 2023
Credential disclosure in syft when SYFT_ATTEST_PASSWORD environment variable set
Moderate
CVE-2023-24827
was published
for
github.com/anchore/syft
(Go)
Feb 8, 2023
Argo CD leaks repository credentials in user-facing error messages and in logs
Moderate
CVE-2023-25163
was published
for
github.com/argoproj/argo-cd/v2
(Go)
Feb 8, 2023
OpenShift Assisted Installer leaks image pull secrets as plaintext in installation logs
Moderate
CVE-2021-3684
was published
for
github.com/openshift/assisted-installer
(Go)
Mar 24, 2023
Debug mode leaks confidential data in Cilium
High
CVE-2023-29002
was published
for
github.com/cilium/cilium
(Go)
Apr 19, 2023
secrets-store-csi-driver discloses service account tokens in logs
Moderate
CVE-2023-2878
was published
for
sigs.k8s.io/secrets-store-csi-driver
(Go)
May 26, 2023
Weave GitOps Terraform Controller Information Disclosure Vulnerability
High
CVE-2023-34236
was published
for
github.com/weaveworks/tf-controller
(Go)
Jul 14, 2023
Mattermost fails to sanitize post metadata
Moderate
CVE-2023-4108
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Aug 11, 2023
Improper log output when using GitHub Status Notifications in spinnaker
Moderate
CVE-2023-39348
was published
for
github.com/spinnaker/spinnaker
(Go)
Aug 29, 2023
Argo CD cluster secret might leak in cluster details page
Critical
CVE-2023-40029
was published
for
github.com/argoproj/argo-cd/v2
(Go)
Sep 11, 2023
ydb-go-sdk token in custom credentials object can leak through logs
Moderate
CVE-2023-45825
was published
for
github.com/ydb-platform/ydb-go-sdk/v3
(Go)
Oct 19, 2023
SpiceDB leaks information in log files when URI cannot be parsed
Moderate
CVE-2023-46255
was published
for
github.com/authzed/spicedb
(Go)
Oct 31, 2023
Headscale writes bearer tokens to info-level logs
High
CVE-2023-47390
was published
for
github.com/juanfont/headscale
(Go)
Nov 11, 2023
ProTip!
Advisories are also available from the
GraphQL API