GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
179 advisories
RageAgainstThePixel/setup-steamcmd leaked authentication token in job output logs
High
GHSA-c5qx-p38x-qf5w
was published
for
RageAgainstThePixel/setup-steamcmd
(GitHub Actions)
Jul 21, 2025
buildalon/setup-steamcmd leaked authentication token in job output logs
High
GHSA-mj96-mh85-r574
was published
for
buildalon/setup-steamcmd
(GitHub Actions)
Jul 21, 2025
Directus tokens are not redacted in flow logs, exposing session credentials to all admin
Moderate
CVE-2025-53886
was published
for
directus
(npm)
Jul 15, 2025
mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data
Moderate
GHSA-fv92-fjc5-jj9h
was published
for
github.com/go-viper/mapstructure/v2
(Go)
Jun 27, 2025
OpenBao Inserts Sensitive Information into Log File when processing malformed data
Moderate
CVE-2025-52893
was published
for
github.com/openbao/openbao/sdk/v2
(Go)
Jun 26, 2025
Yii 2 Redis may expose AUTH parameters in logs in case of connection failure
Moderate
CVE-2025-48493
was published
for
yiisoft/yii2-redis
(Composer)
Jun 5, 2025
Contrast workload secrets leak to logs on INFO level
High
GHSA-h5f8-crrq-4pw8
was published
for
github.com/edgelesssys/contrast
(Go)
May 28, 2025
Apache IoTDB JDBC Driver Discloses Sensitive Information via Log Files
Moderate
CVE-2025-26795
was published
for
org.apache.iotdb:iotdb-jdbc
(Maven)
May 14, 2025
Directus inserts access token from query string into logs
Moderate
CVE-2024-47822
was published
for
@directus/api
(npm)
Apr 14, 2025
Microsoft Identity Web Exposes Client Secrets and Certificate Information in Service Logs
Moderate
CVE-2025-32016
was published
for
Microsoft.Identity.Abstractions
(NuGet)
Apr 9, 2025
canonical/get-workflow-version-action can leak a partial GITHUB_TOKEN in exception output
High
CVE-2025-31479
was published
for
canonical/get-workflow-version-action
(GitHub Actions)
Apr 2, 2025
buildx allows a possible credential leakage to telemetry endpoint
Moderate
CVE-2025-0495
was published
for
github.com/docker/buildx
(Go)
Mar 17, 2025
ProTip!
Advisories are also available from the
GraphQL API