GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,198
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,702
NuGet
660
pip
3,328
Pub
11
RubyGems
883
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+
736 advisories
Filter by severity
Sensitive Data Exposure in sequelize-cli
Low
GHSA-3xc7-xg67-pw99
was published
for
sequelize-cli
(npm)
Jun 5, 2019
Log injection in SimpleSAMLphp
Low
CVE-2020-5225
was published
for
simplesamlphp/simplesamlphp
(Composer)
Jan 24, 2020
Potential unauthorized access to stored request & session data when plugin is misconfigured in October CMS Debugbar
Moderate
CVE-2020-11094
was published
for
rainlab/debugbar-plugin
(Composer)
Jun 3, 2020
Information Exposure in cordova-android
High
CVE-2016-6799
was published
for
cordova-android
(npm)
Sep 11, 2020
Helm OCI credentials leaked into Argo CD logs
Moderate
GHSA-6w87-g839-9wv7
was published
for
github.com/argoproj/argo-cd
(Go)
May 21, 2021
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.856 through 0.9.8.864 allows an attacker to...
Moderate
Unreviewed
CVE-2019-14782
was published
May 24, 2022
Shopware's log module vulnerable to Improper Output Neutralization
Low
CVE-2023-22733
was published
for
shopware/core
(Composer)
Jan 20, 2023
Insertion of Sensitive Information into Log File in ansible
Moderate
CVE-2021-20180
was published
for
ansible
(pip)
Mar 17, 2022
In CMDBuild from version 3.0 to 3.3.2 payload requests are saved in a temporary log table, which...
Moderate
Unreviewed
CVE-2022-25518
was published
Mar 24, 2022
Insertion of Sensitive Information into Log File in Jupyter notebook
High
CVE-2022-24757
was published
for
jupyter-server
(pip)
Mar 25, 2022
Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read application...
High
Unreviewed
CVE-2021-38283
was published
Nov 30, 2021
In ArrayMap, there is a possible leak of the content of SMS messages due to log information...
Low
Unreviewed
CVE-2021-39739
was published
Mar 31, 2022
TPCMS v3.2 allows attackers to access the ThinkPHP log directory and obtain sensitive information...
High
Unreviewed
CVE-2022-27442
was published
Apr 5, 2022
Sensitive Auth & Cookie data stored in Jupyter server logs
High
CVE-2022-24758
was published
for
notebook
(pip)
Apr 5, 2022
An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker can...
High
Unreviewed
CVE-2021-45103
was published
Apr 7, 2022
Missing sanitization of logged exception messages in all versions prior to 14.7.7, 14.8 prior to...
Low
Unreviewed
CVE-2022-1157
was published
Apr 12, 2022
Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be...
Moderate
Unreviewed
CVE-2022-28774
was published
May 12, 2022
Exposure of Sensitive Information in FaqSymptomCardViewModel in Samsung Members prior to versions...
Low
Unreviewed
CVE-2022-36877
was published
Sep 10, 2022
Insertion of Sensitive Information into Log File in Elasticsearch
Moderate
CVE-2020-7021
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 24, 2022
In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an...
Moderate
Unreviewed
CVE-2019-15508
was published
May 24, 2022
Insertion of Sensitive Information into Log File in Jenkins Mask Passwords Plugin
Moderate
CVE-2019-10370
was published
for
org.jenkins-ci.plugins:mask-passwords
(Maven)
May 24, 2022
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway...
Moderate
Unreviewed
CVE-2022-20807
was published
May 28, 2022
In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an...
Moderate
Unreviewed
CVE-2019-15507
was published
May 24, 2022
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway...
Moderate
Unreviewed
CVE-2022-20809
was published
May 27, 2022
Exposure of Sensitive Information in Gradle publish plugin
Moderate
CVE-2020-7599
was published
for
com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API