Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,850
Erlang
36
GitHub Actions
34
Go
2,480
Maven
5,000+
npm
4,097
NuGet
734
pip
3,910
Pub
12
RubyGems
945
Rust
1,014
Swift
39
Unreviewed advisories
All unreviewed
5,000+

15 advisories

Loading
NeuVector process with sensitive arguments lead to leakage Moderate
CVE-2025-54467 was published for github.com/neuvector/neuvector (Go) Aug 28, 2025
Mattermost has Insufficiently Protected Credentials Low
CVE-2025-6227 was published for github.com/mattermost/mattermost-server (Go) Jul 18, 2025
Minio Operator uses Kubernetes apiserver audience for AssumeRoleWithWebIdentity STS Moderate
CVE-2025-32963 was published for github.com/minio/operator (Go) Apr 21, 2025
bburky pjuarezd
Exposure of vSphere's CPI and CSI credentials in Rancher High
CVE-2022-45157 was published for github.com/rancher/rancher (Go) Oct 25, 2024
Grafana plugin SDK Information Leakage Critical
CVE-2024-8986 was published for github.com/grafana/grafana-plugin-sdk-go (Go) Sep 19, 2024
Docker CLI leaks private registry credentials to registry-1.docker.io Moderate
CVE-2021-41092 was published for github.com/docker/cli (Go) Jun 10, 2024
apko Exposure of HTTP basic auth credentials in log output High
CVE-2024-36127 was published for chainguard.dev/apko (Go) Jun 4, 2024
kolloch
Trivy possibly leaks registry credential when scanning images from malicious registries Moderate
CVE-2024-35192 was published for github.com/aquasecurity/trivy (Go) May 20, 2024
lyoung-confluent
Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins Moderate
CVE-2022-31130 was published for github.com/grafana/grafana (Go) May 14, 2024
joaxcar
Weave GitOps Terraform Controller Information Disclosure Vulnerability High
CVE-2023-34236 was published for github.com/weaveworks/tf-controller (Go) Jul 14, 2023
greenu
scs-library-client may leak user credentials to third-party service via HTTP redirect Moderate
CVE-2022-23538 was published for github.com/sylabs/scs-library-client (Go) Jan 20, 2023
Containous Traefik Exposes Password Hashes High
CVE-2019-12452 was published for github.com/traefik/traefik (Go) May 24, 2022
Exposure of repository credentials to external third-party sources in Rancher High
CVE-2021-36778 was published for github.com/rancher/rancher (Go) May 2, 2022
dasMulli
containers/image library Insufficiently Protects Credentials Moderate
CVE-2019-10214 was published for github.com/containers/image (Go) Feb 15, 2022
containerd v1.2.x can be coerced into leaking credentials during image pull Moderate
CVE-2020-15157 was published for github.com/containerd/containerd (Go) Feb 11, 2022
bgeesaman joshlarsen
IanColdwater mauilion raesene
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database