Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

22 advisories

Loading
Tina search token leak via lock file in TinaCMS High
CVE-2024-45391 was published for @tinacms/cli (npm) Sep 3, 2024
kldavis4 mattsbennett
Sentry vulnerable to leaking superuser cleartext password in logs High
CVE-2024-32474 was published for sentry (pip) Apr 18, 2024
lluuaapp
Solr search discloses password hashes of all users High
CVE-2023-50719 was published for org.xwiki.platform:xwiki-platform-search-solr-api (Maven) Dec 16, 2023
lakeFS logs S3 credentials in plain text High
GHSA-4rgc-5g6r-2rjf was published for github.com/treeverse/lakefs (Go) Dec 12, 2023
Nautobot vulnerable to exposure of hashed user passwords via REST API High
CVE-2023-46128 was published for nautobot (pip) Oct 24, 2023
Weave GitOps Terraform Controller Information Disclosure Vulnerability High
CVE-2023-34236 was published for github.com/weaveworks/tf-controller (Go) Jul 14, 2023
greenu
HashiCorp Boundary Workers Store Rotated Credentials in Plaintext Even When Key Management Service Configured High
CVE-2023-0690 was published for github.com/hashicorp/boundary (Go) Jul 6, 2023
Data written to GitHub Actions Cache may expose secrets High
CVE-2023-30853 was published for gradle/gradle-build-action (GitHub Actions) May 1, 2023
bigdaz
Strapi leaking sensitive user information by filtering on private fields High
CVE-2023-22894 was published for @strapi/strapi (npm) Apr 19, 2023
derrickmehaffy Ccamm
Convly Marc-Roig
Devise Gem for Ruby Unauthorized Access Using "Remember Me" Cookie High
CVE-2015-8314 was published for devise (RubyGems) Jan 26, 2023
Plaintext storage of sensitive data in Rancher API and cluster.management.cattle.io objects High
CVE-2022-43757 was published for github.com/rancher/rancher (Go) Jan 25, 2023
Password exposure in H2 Database High
CVE-2022-45868 was published for com.h2database:h2 (Maven) Nov 23, 2022
mrjonstrong pjfanning
amita-seal
Grafana information disclosure High
CVE-2020-12458 was published for github.com/grafana/grafana (Go) May 24, 2022
Jenkins Delphix Plugin vulnerable to Cleartext credential storage High
CVE-2019-10453 was published for org.jenkins-ci.plugins:delphix (Maven) May 24, 2022
Cleartext Storage of Sensitive Information in Jenkins Extensive Testing Plugin High
CVE-2019-10448 was published for jenkins.xtc:extensivetesting (Maven) May 24, 2022
Jenkins iceScrum Plugin stores credentials in Cleartext High
CVE-2019-10443 was published for org.jenkins-ci.plugins:icescrum (Maven) May 24, 2022
Jenkins NeoLoad Plugin stores credentials in cleartext High
CVE-2019-10440 was published for org.jenkins-ci.plugins:neoload-jenkins-plugin (Maven) May 24, 2022
Plaintext Storage of Sensitive Information in Laravel Log Viewer before v0.13.0 High
CVE-2018-8947 was published for rap2hpoutre/laravel-log-viewer (Composer) May 13, 2022
django-celery-results Stores Sensitive Information In Cleartext High
CVE-2020-17495 was published for django-celery-results (pip) Jun 4, 2021
G-Rath
Cleartext storage of session identifier High
CVE-2020-26228 was published for typo3/cms (Composer) Nov 23, 2020
liayn bmack
ohader
django-nopassword stores secrets in cleartext High
CVE-2019-10682 was published for django-nopassword (pip) Jun 5, 2020
Sensitive data written to disk unencrypted in Spark High
CVE-2019-10099 was published for org.apache.spark:spark-core_2.11 (Maven) Aug 8, 2019
ProTip! Advisories are also available from the GraphQL API