Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

15 advisories

Loading
flask-cors vulnerable to log injection when the log level is set to debug Moderate
CVE-2024-1681 was published for flask-cors (pip) Apr 19, 2024
bayandin
Sentry vulnerable to leaking superuser cleartext password in logs High
CVE-2024-32474 was published for sentry (pip) Apr 18, 2024
lluuaapp
Keycloak vulnerable to log Injection during WebAuthn authentication or registration Moderate
CVE-2023-6484 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
dhvakr
Potential log injection in reset user endpoint in CKAN Moderate
CVE-2024-27097 was published for ckan (pip) Mar 13, 2024
ZuhairORZaki
Ansible-core information disclosure flaw Moderate
CVE-2024-0690 was published for ansible-core (pip) Feb 6, 2024
Shopware's log module vulnerable to Improper Output Neutralization Low
CVE-2023-22733 was published for shopware/core (Composer) Jan 20, 2023
Yapscan's report receiver server vulnerable to path traversal and log injection High
GHSA-9h6h-9g78-86f7 was published for github.com/fkie-cad/yapscan (Go) Dec 29, 2022
tdunlap607
Gin's default logger allows unsanitized input that can allow remote attackers to inject arbitrary log lines High
CVE-2020-36567 was published for github.com/gin-gonic/gin (Go) Dec 27, 2022
Log Injection in Apache Sling Commons Log and Apache Sling API Moderate
CVE-2022-32549 was published for org.apache.sling:org.apache.sling.api (Maven) Jun 23, 2022
Improper Output Neutralization for Logs in Spring Framework Moderate
CVE-2021-22096 was published for org.springframework:spring (Maven) May 24, 2022
artanaliji
Ansible Uses Plugins That Disclose Credentials High
CVE-2019-14846 was published for ansible (pip) May 24, 2022
Improper Output Neutralization and Improper Encoding or Escaping of Output for Logs in ansible Moderate
CVE-2020-14330 was published for ansible (pip) Feb 9, 2022
Insertion of Sensitive Information into Log File and Improper Output Neutralization for Logs in ansible Moderate
CVE-2020-14332 was published for ansible (pip) Feb 9, 2022
jhampson-dbre
Temporary urls leaked via logging Low
CVE-2017-8761 was published for swift (pip) Jun 8, 2021
Log Forging in generator-jhipster-kotlin Moderate
CVE-2020-4072 was published for generator-jhipster-kotlin (npm) Jun 25, 2020
ProTip! Advisories are also available from the GraphQL API