Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,811
Erlang
36
GitHub Actions
32
Go
2,396
Maven
5,000+
npm
4,033
NuGet
721
pip
3,824
Pub
12
RubyGems
932
Rust
988
Swift
38
Unreviewed advisories
All unreviewed
5,000+

38 advisories

Loading
Apache Pulsar Kafka Connector Logs Sensitive Information in Application Logs Moderate
CVE-2025-30677 was published for org.apache.pulsar:pulsar-io-kafka (Maven) Apr 9, 2025
Apache ActiveMQ Artemis Vulnerable to Insertion of Sensitive Information into Log File Moderate
CVE-2025-27391 was published for org.apache.activemq:artemis-project (Maven) Apr 9, 2025
Apache IoTDB JDBC Driver Discloses Sensitive Information via Log Files Moderate
CVE-2025-26795 was published for org.apache.iotdb:iotdb-jdbc (Maven) May 14, 2025
AnonySE26
Insertion of Sensitive Information into Log File in OWASP DependencyCheck Moderate
CVE-2024-23686 was published for org.owasp:dependency-check-ant (Maven) Jan 20, 2024
r3kumar
Para Inserts Sensitive Information into Log File for Facebook authentication Moderate
CVE-2025-49009 was published for com.erudika:para-server (Maven) Jun 6, 2025
Para Server Logs Sensitive Information Moderate
CVE-2025-48955 was published for com.erudika:para-server (Maven) May 30, 2025
Invalid HTTP requests in Reactor Netty HTTP Server may reveal access tokens Moderate
CVE-2022-31684 was published for io.projectreactor.netty:reactor-netty-http (Maven) Oct 20, 2022
Jenkins MQ Notifier Plugin exposes sensitive information in build logs Moderate
CVE-2024-28154 was published for com.sonymobile.jenkins.plugins.mq:mq-notifier (Maven) Mar 6, 2024
Infinispan vulnerable to Insertion of Sensitive Information into Log File Moderate
CVE-2025-0736 was published for org.infinispan:infinispan-parent (Maven) Jan 28, 2025
Elasticsearch allows insertion of sensitive information into log files when using deprecated URIs Moderate
CVE-2023-31417 was published for org.elasticsearch:elasticsearch (Maven) Oct 26, 2023
Apache Santuario - XML Security for Java are vulnerable to private key disclosure Moderate
CVE-2023-44483 was published for org.apache.santuario:xmlsec (Maven) Oct 20, 2023
Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged Moderate
CVE-2023-50740 was published for org.apache.linkis:linkis (Maven) Mar 6, 2024
oscerd
Apache NiFi: Potential Insertion of Sensitive Parameter Values in Debug Log Moderate
CVE-2024-52067 was published for org.apache.nifi:nifi-framework-core (Maven) Feb 11, 2025
Quarkus CXF logs passwords and other secrets Moderate
CVE-2024-9621 was published for io.quarkiverse.cxf:quarkus-cxf (Maven) Oct 8, 2024
Jberet: jberet-core logging database credentials Moderate
CVE-2024-1102 was published for org.jberet:jberet-core (Maven) Apr 25, 2024
Improper masking of credentials in Jenkins Pipeline Maven Integration Plugin Moderate
CVE-2023-41934 was published for org.jenkins-ci.plugins:pipeline-maven (Maven) Sep 6, 2023
Elasticsearch Insertion of Sensitive Information into Log File Moderate
CVE-2023-49921 was published for org.elasticsearch:elasticsearch (Maven) Jul 26, 2024
Bitbucket OAuth access token exposed in the build log by Bitbucket Branch Source Plugin Moderate
CVE-2024-39460 was published for org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (Maven) Jun 26, 2024
SonarQube logs sensitive information Moderate
CVE-2024-38460 was published for org.sonarsource.sonarqube:sonar-web (Maven) Jun 16, 2024
Keycloak leaks sensitive information in logged exceptions Moderate
CVE-2020-1698 was published for org.keycloak:keycloak-core (Maven) May 24, 2022
Insertion of Sensitive Information into Log File in Apache Tomcat Moderate
CVE-2011-2204 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Insertion of Sensitive Information into Log File in Jenkins Configuration as Code Plugin Moderate
CVE-2019-10343 was published for io.jenkins:configuration-as-code (Maven) May 24, 2022
Maven Integration Plugin did not mask sensitive values in module build logs Moderate
CVE-2019-10358 was published for org.jenkins-ci.main:maven-plugin (Maven) May 24, 2022
Plaintext Storage of a Password in Jenkins Configuration as Code Plugin Moderate
CVE-2019-10345 was published for io.jenkins:configuration-as-code (Maven) May 24, 2022
Insertion of Sensitive Information into Log File in Jenkins Configuration as Code Plugin Moderate
CVE-2019-10367 was published for io.jenkins:configuration-as-code (Maven) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database