GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,041
Maven
5,000+
npm
3,733
NuGet
662
pip
3,414
Pub
12
RubyGems
891
Rust
866
Swift
36
Unreviewed advisories
All unreviewed
5,000+
12 advisories
Filter by severity
Exposure of vSphere's CPI and CSI credentials in Rancher
High
CVE-2022-45157
was published
for
github.com/rancher/rancher
(Go)
Oct 25, 2024
Grafana plugin SDK Information Leakage
Critical
CVE-2024-8986
was published
for
github.com/grafana/grafana-plugin-sdk-go
(Go)
Sep 19, 2024
Docker CLI leaks private registry credentials to registry-1.docker.io
Moderate
CVE-2021-41092
was published
for
github.com/docker/cli
(Go)
Jun 10, 2024
apko Exposure of HTTP basic auth credentials in log output
High
CVE-2024-36127
was published
for
chainguard.dev/apko
(Go)
Jun 4, 2024
Trivy possibly leaks registry credential when scanning images from malicious registries
Moderate
CVE-2024-35192
was published
for
github.com/aquasecurity/trivy
(Go)
May 20, 2024
Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
Moderate
CVE-2022-31130
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Weave GitOps Terraform Controller Information Disclosure Vulnerability
High
CVE-2023-34236
was published
for
github.com/weaveworks/tf-controller
(Go)
Jul 14, 2023
scs-library-client may leak user credentials to third-party service via HTTP redirect
Moderate
CVE-2022-23538
was published
for
github.com/sylabs/scs-library-client
(Go)
Jan 20, 2023
Containous Traefik Exposes Password Hashes
High
CVE-2019-12452
was published
for
github.com/traefik/traefik
(Go)
May 24, 2022
Exposure of repository credentials to external third-party sources in Rancher
High
CVE-2021-36778
was published
for
github.com/rancher/rancher
(Go)
May 2, 2022
containers/image library Insufficiently Protects Credentials
Moderate
CVE-2019-10214
was published
for
github.com/containers/image
(Go)
Feb 15, 2022
containerd v1.2.x can be coerced into leaking credentials during image pull
Moderate
CVE-2020-15157
was published
for
github.com/containerd/containerd
(Go)
Feb 11, 2022
ProTip!
Advisories are also available from the
GraphQL API