GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
38 advisories
Filter by severity
Insertion of Sensitive Information into Log File in Elasticsearch
Moderate
CVE-2020-7021
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 24, 2022
Insertion of Sensitive Information into Log File in Jenkins Mask Passwords Plugin
Moderate
CVE-2019-10370
was published
for
org.jenkins-ci.plugins:mask-passwords
(Maven)
May 24, 2022
Exposure of Sensitive Information in Gradle publish plugin
Moderate
CVE-2020-7599
was published
for
com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin
(Maven)
May 24, 2022
Credential exposure through log files in Undertow
Critical
CVE-2019-3888
was published
for
io.undertow:undertow-core
(Maven)
Jun 13, 2019
Potential to access user credentials from the log files when debug logging enabled
Critical
CVE-2019-10212
was published
for
io.undertow:undertow-core
(Maven)
Nov 20, 2019
Sensitive information disclosure via log in com.bmuschko:gradle-vagrant-plugin
High
CVE-2021-21361
was published
for
com.bmuschko:gradle-vagrant-plugin
(Maven)
Mar 9, 2021
Insertion of Sensitive Information into Log File in Apache Geode
High
CVE-2021-34797
was published
for
org.apache.geode:geode-core
(Maven)
Jan 6, 2022
OpenNMS has potential Insertion of Sensitive Information into Log File vulnerability
Moderate
CVE-2023-0815
was published
for
org.opennms:opennms
(Maven)
Feb 23, 2023
Spring Vault vulnerable to insertion of sensitive information into a log file
Moderate
CVE-2023-20859
was published
for
org.springframework.vault:spring-vault-core
(Maven)
Mar 23, 2023
Veracode Scan Jenkins Plugin vulnerable to information disclosure
Moderate
CVE-2023-25721
was published
for
com.veracode.jenkins:veracode-scan
(Maven)
Mar 28, 2023
Wildfly logs plaintext passwords
Moderate
CVE-2020-25640
was published
for
org.wildfly:wildfly-parent
(Maven)
Feb 15, 2022
Insertion of Sensitive Information into Log File in Apache NiFi
High
CVE-2020-1942
was published
for
org.apache.nifi:nifi-framework-core
(Maven)
Jan 6, 2022
ovirt-engine Logs Plaintext Passwords To File
Moderate
CVE-2017-15113
was published
for
org.ovirt.engine.sdk:ovirt-engine-sdk-java
(Maven)
May 13, 2022
•
withdrawn
Insertion of Sensitive Information into Log File in Apache NiFi Stateless
High
CVE-2020-9486
was published
for
org.apache.nifi:nifi-stateless
(Maven)
Jan 6, 2022
Apache NiFi Insertion of Sensitive Information into Log File
Moderate
CVE-2020-1928
was published
for
org.apache.nifi:nifi-parameter
(Maven)
Jan 6, 2022
Jenkins Amazon EC2 Plugin leaked beginning of private key in system log
Moderate
CVE-2019-10364
was published
for
org.jenkins-ci.plugins:ec2
(Maven)
May 24, 2022
Jenkins Folders Plugin information disclosure vulnerability
Moderate
CVE-2023-40338
was published
for
org.jenkins-ci.plugins:cloudbees-folder
(Maven)
Aug 16, 2023
Jenkins HashiCorp Vault Plugin has improper masking of credentials
Moderate
CVE-2023-33001
was published
for
com.datapipe.jenkins.plugins:hashicorp-vault-plugin
(Maven)
May 16, 2023
Apache Santuario - XML Security for Java are vulnerable to private key disclosure
Moderate
CVE-2023-44483
was published
for
org.apache.santuario:xmlsec
(Maven)
Oct 20, 2023
Lightbend Alpakka Kafka logs credentials on debug level
Moderate
CVE-2023-29471
was published
for
com.typesafe.akka:akka-stream-kafka
(Maven)
Apr 27, 2023
Elasticsearch allows insertion of sensitive information into log files when using deprecated URIs
Moderate
CVE-2023-31417
was published
for
org.elasticsearch:elasticsearch
(Maven)
Oct 26, 2023
Insertion of Sensitive Information into Log File in Jenkins Configuration as Code Plugin
Moderate
CVE-2019-10367
was published
for
io.jenkins:configuration-as-code
(Maven)
May 24, 2022
Sensitive parameter values captured in build metadata files by Jenkins Parameterized Trigger Plugin
Low
CVE-2022-27195
was published
for
org.jenkins-ci.plugins:parameterized-trigger
(Maven)
Mar 16, 2022
Plaintext Storage of a Password in Jenkins Configuration as Code Plugin
Moderate
CVE-2019-10345
was published
for
io.jenkins:configuration-as-code
(Maven)
May 24, 2022
Maven Integration Plugin did not mask sensitive values in module build logs
Moderate
CVE-2019-10358
was published
for
org.jenkins-ci.main:maven-plugin
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API