Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,825
Erlang
36
GitHub Actions
32
Go
2,419
Maven
5,000+
npm
4,055
NuGet
723
pip
3,847
Pub
12
RubyGems
934
Rust
1,006
Swift
38
Unreviewed advisories
All unreviewed
5,000+

17 advisories

Loading
Directus tokens are not redacted in flow logs, exposing session credentials to all admin Moderate
CVE-2025-53886 was published for directus (npm) Jul 15, 2025
licitdev
Directus is vulnerable to sensitive data exposure as user data is not being redacted when logged Moderate
CVE-2025-53885 was published for directus (npm) Jul 15, 2025
Snyk CLI Insertion of Sensitive Information into Log File allowed in DEBUG or DEBUG/TRACE mode Low
CVE-2025-6624 was published for github.com/snyk/go-application-framework (Go) Jun 26, 2025
Directus inserts access token from query string into logs Moderate
CVE-2024-47822 was published for @directus/api (npm) Apr 14, 2025
licitdev
MongoDB Driver may publish events containing authentication-related data Moderate
CVE-2021-32050 was published for github.com/mongodb/mongo-swift-driver (Composer) Aug 29, 2023
Logging of the firestore key within nodejs-firestore Moderate
CVE-2023-6460 was published for @google-cloud/firestore (npm) Dec 4, 2023
abhishekwebcode
@workos-inc/authkit-nextjs refresh tokens are logged when the debug flag is enabled Low
CVE-2024-51752 was published for @workos-inc/authkit-nextjs (npm) Nov 5, 2024
RichardoC
@workos-inc/authkit-remix refresh tokens are logged when the debug flag is enabled Low
CVE-2024-51753 was published for @workos-inc/authkit-remix (npm) Nov 5, 2024
@valtimo/components exposes access token to form.io Critical
CVE-2024-34706 was published for @valtimo/components (npm) May 13, 2024
react-native-mmkv Insertion of Sensitive Information into Log File vulnerability Moderate
CVE-2024-21668 was published for react-native-mmkv (npm) Jan 9, 2024
maxammann
@mittwald/kubernetes's secret contents leaked via debug logging Moderate
GHSA-g35x-j6jj-8g7j was published for @mittwald/kubernetes (npm) May 2, 2023
directus vulnerable to Insertion of Sensitive Information into Log File Moderate
CVE-2023-28443 was published for directus (npm) Mar 23, 2023
JohnHillegass
Information Exposure in Snyk Broker High
CVE-2020-7654 was published for snyk-broker (npm) Jun 3, 2020
npm CLI exposing sensitive information through logs Moderate
CVE-2020-15095 was published for npm (npm) Jul 7, 2020
next-auth before v4.10.2 and v3.29.9 leaks excessive information into log Low
CVE-2022-31186 was published for next-auth (npm) Aug 6, 2022
ShuPink
Information Exposure in cordova-android High
CVE-2016-6799 was published for cordova-android (npm) Sep 11, 2020
Sensitive Data Exposure in sequelize-cli Low
GHSA-3xc7-xg67-pw99 was published for sequelize-cli (npm) Jun 5, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database