GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
115 advisories
Directus tokens are not redacted in flow logs, exposing session credentials to all admin
Moderate
CVE-2025-53886
was published
for
directus
(npm)
Jul 15, 2025
Apache IoTDB JDBC Driver Discloses Sensitive Information via Log Files
Moderate
CVE-2025-26795
was published
for
org.apache.iotdb:iotdb-jdbc
(Maven)
May 14, 2025
OpenBao Inserts Sensitive Information into Log File when processing malformed data
Moderate
CVE-2025-52893
was published
for
github.com/openbao/openbao/sdk/v2/framework
(Go)
Jun 26, 2025
mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data
Moderate
GHSA-fv92-fjc5-jj9h
was published
for
github.com/go-viper/mapstructure/v2
(Go)
Jun 27, 2025
Insertion of Sensitive Information into Log File in OWASP DependencyCheck
Moderate
CVE-2024-23686
was published
for
org.owasp:dependency-check-ant
(Maven)
Jan 20, 2024
Yii 2 Redis may expose AUTH parameters in logs in case of connection failure
Moderate
CVE-2025-48493
was published
for
yiisoft/yii2-redis
(Composer)
Jun 5, 2025
Directus inserts access token from query string into logs
Moderate
CVE-2024-47822
was published
for
@directus/api
(npm)
Apr 14, 2025
Microsoft Identity Web Exposes Client Secrets and Certificate Information in Service Logs
Moderate
CVE-2025-32016
was published
for
Microsoft.Identity.Abstractions
(NuGet)
Apr 9, 2025
buildx allows a possible credential leakage to telemetry endpoint
Moderate
CVE-2025-0495
was published
for
github.com/docker/buildx
(Go)
Mar 17, 2025
Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged
Moderate
CVE-2023-50740
was published
for
org.apache.linkis:linkis
(Maven)
Mar 6, 2024
ProTip!
Advisories are also available from the
GraphQL API