47 matches found
Apache Airflow Information Disclosure Vulnerability (CNVD-2026-00003)
Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform offers scalability, dynamic monitoring and other features. Apache Airflow suffers from an information disclosure vulnerability th...
Insertion of Sensitive Information Into Sent Data
Amendment: This issue was found to be a duplicate. The original vulnerability with details can be found here. Credit: William Ashe...
GHSA-FV47-PQH6-WXGQ Apache Airflow exposes secret values to authenticated UI users via rendered templates
A vulnerability in Apache Airflow allowed authenticated UI users to view secret values in rendered templates due to secrets not being properly redacted, potentially exposing secrets to users without the appropriate authorization. Users are recommended to upgrade to version 3.1.4, which fixes this...
Apache Airflow Security Vulnerability
Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform offers scalability, dynamic monitoring and other features. Apache Airflow suffers from an information disclosure vulnerability th...
EUVD-2022-32098
Malicious code in bioql PyPI...
Canonical LXD Vulnerable to Privilege Escalation via WebSocket Connection Hijacking in Operations API
Impact: LXD's operations API includes secret values necessary for WebSocket connections when retrieving information about running operations. These secret values are used for authentication of WebSocket connections for terminal and console sessions. Therefore, attackers with only read permissions...
Missing Origin Validation in WebSockets
Overview: Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via the operations API response, which includes secret values used for authenticating WebSocket connections. An attacker can execute arbitrary commands with the privileges of another user by...
CVE-2024-24939
In JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was possible...
UBUNTU-CVE-2025-0495
Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...
Important: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.15.1 security update
An update is now available for Red Hat OpenShift GitOps v1.15.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
GO-2025-3431 kube-audit-rest's example logging configuration could disclose secret values in the audit log in github.com/RichardoC/kube-audit-rest
kube-audit-rest's example logging configuration could disclose secret values in the audit log in github.com/RichardoC/kube-audit-rest...
GO-2025-3433 Argo CD does not scrub secret values from patch errors in github.com/argoproj/argo-cd
Argo CD does not scrub secret values from patch errors in github.com/argoproj/argo-cd...
GO-2025-3437 Argo CD GitOps Engine does not scrub secret values from patch errors in github.com/argoproj/gitops-engine
Argo CD GitOps Engine does not scrub secret values from patch errors in github.com/argoproj/gitops-engine. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
Qnap QTS Out-of-bounds Read (CVE-2022-27598)
A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP QVR Pro appliances...
Information Exposure Through An Error Message
org.jenkins-ci.main:jenkins-core is vulnerable to Information Exposure Through an Error Message. The vulnerability is due to improper redaction of multi-line secret values in error messages generated from form submissions involving the secretTextarea form field...
BIT-JENKINS-2024-47803
Jenkins LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the secretTextarea form field...
CVE-2024-47803
Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the secretTextarea form field...
ansible-core: possible information leak in tasks that ignore ANSIBLE_NO_LOG configuration
An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as...
PT-2024-2620 · Cloud Native Computing Foundation · Helm
Name of the Vulnerable Software and Affected Versions: Helm versions through 3.13.3. Description: An issue was discovered in Cloud Native Computing Foundation (CNCF) Helm where it displays values of secrets when the --dry-run flag is used. This is a security concern in some use cases, such as a...