EUVD-2026-33589
A bug in Apache Airflow's Variable response masker caused nested-key redaction triggered by secret-suffixed key names like password, token, secret, apikey to be bypassed when the JSON value's nesting depth exceeded the shared secrets masker's recursion limit: the masker returned the original nest...
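The failure mode described in this entry, a recursive redactor that hits its depth limit and hands back the unredacted subtree, is easy to reproduce in a few lines. The following is an added illustration, not Airflow's own secrets masker: the suffix list, the `MAX_DEPTH` of 5 and the sample Variable value are all constructed for the example, and the fix shown (fail closed by returning the mask for anything deeper than the limit) is one reasonable remedy rather than the project's patch.

```python
import json
from typing import Any, Callable

# Constructed for this example: key suffixes treated as sensitive, the mask string,
# and a deliberately small recursion limit so the depth bypass is easy to trigger.
SENSITIVE_SUFFIXES = ("password", "token", "secret", "apikey", "api_key")
MASK = "***"
MAX_DEPTH = 5


def is_sensitive_key(key: Any) -> bool:
    """True if a mapping key ends with one of the sensitive suffixes (case-insensitive)."""
    return isinstance(key, str) and key.lower().endswith(SENSITIVE_SUFFIXES)


def mask_flawed(value: Any, depth: int = 0) -> Any:
    """Flawed masker: once nesting exceeds MAX_DEPTH it stops and hands back the
    ORIGINAL subtree, so secrets nested deeper than the limit are never redacted."""
    if depth > MAX_DEPTH:
        return value  # BUG: fails open; uninspected data is returned verbatim
    if isinstance(value, dict):
        return {
            k: (MASK if is_sensitive_key(k) else mask_flawed(v, depth + 1))
            for k, v in value.items()
        }
    if isinstance(value, list):
        return [mask_flawed(v, depth + 1) for v in value]
    return value


def mask_fixed(value: Any, depth: int = 0) -> Any:
    """Fixed masker: fails closed. Past the limit the whole subtree is replaced by
    the mask, so the caller never sees data the masker did not get to inspect."""
    if depth > MAX_DEPTH:
        return MASK
    if isinstance(value, dict):
        return {
            k: (MASK if is_sensitive_key(k) else mask_fixed(v, depth + 1))
            for k, v in value.items()
        }
    if isinstance(value, list):
        return [mask_fixed(v, depth + 1) for v in value]
    return value


def nest(inner: Any, levels: int, key: str = "level") -> Any:
    """Wrap `inner` in `levels` single-key dicts to build a deeply nested value."""
    for _ in range(levels):
        inner = {key: inner}
    return inner


# Constructed sample Variable value: one shallow secret and one buried past the limit.
SAMPLE_VARIABLE = {
    "db": {"host": "db.internal", "password": "hunter2"},
    "deep": nest({"api_token": "tok_abcdef"}, MAX_DEPTH + 2),
}


def leaks(masker: Callable[[Any], Any], value: Any, secret: str) -> bool:
    """True if `secret` still appears anywhere in the masker's output."""
    return secret in json.dumps(masker(value))


if __name__ == "__main__":
    for name, m in (("flawed", mask_flawed), ("fixed", mask_fixed)):
        print(f"{name}: shallow leaks={leaks(m, SAMPLE_VARIABLE, 'hunter2')}, "
              f"deep leaks={leaks(m, SAMPLE_VARIABLE, 'tok_abcdef')}")
```

Both maskers redact the shallow `password`; only the flawed one returns `tok_abcdef` intact, because the dict holding it sits deeper than `MAX_DEPTH` and the early return skips it. The general lesson is that any depth, size or time guard inside a redactor must return something safe, never the input it declined to inspect.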
Apache Airflow Information Disclosure Vulnerability (CNVD-2026-00003)
Apache Airflow is an open source platform from the Apache Software Foundation (United States) for creating, managing and monitoring workflows. It is scalable and offers dynamic monitoring, among other features. Apache Airflow suffers from an information disclosure vulnerability th...
Insertion of Sensitive Information Into Sent Data
Amendment: This issue was found to be a duplicate. The original vulnerability with details can be found here. Credit: William Ashe...
GHSA-FV47-PQH6-WXGQ Apache Airflow exposes secret values to authenticated UI users via rendered templates
A vulnerability in Apache Airflow allowed authenticated UI users to view secret values in rendered templates due to secrets not being properly redacted, potentially exposing secrets to users without the appropriate authorization. Users are recommended to upgrade to version 3.1.4, which fixes this...
Apache Airflow Security Vulnerability
Apache Airflow is an open source platform from the Apache Software Foundation (United States) for creating, managing and monitoring workflows. It is scalable and offers dynamic monitoring, among other features. Apache Airflow suffers from an information disclosure vulnerability th...
EUVD-2024-0003
Malicious code in bioql PyPI...
EUVD-2022-32098
Malicious code in bioql PyPI...
Missing Origin Validation in WebSockets
Overview Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via the operations API response, which includes secret values used for authenticating WebSocket connections. An attacker can execute arbitrary commands with the privileges of another user by...
Canonical LXD Vulnerable to Privilege Escalation via WebSocket Connection Hijacking in Operations API
Impact LXD's operations API includes secret values necessary for WebSocket connections when retrieving information about running operations. These secret values are used for authentication of WebSocket connections for terminal and console sessions. Therefore, attackers with only read permissions...
CVE-2024-24939
In JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was possible...
CVE-2022-27221
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. An attacker in machine-in-the-middle could obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown strin...
UBUNTU-CVE-2025-0495
Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...
Information Disclosure
Jenkins is vulnerable to information disclosure. The vulnerability is due to improper redaction of encrypted secret values in config.xml when accessed via REST API or CLI, allowing attackers with View/Read permission to retrieve sensitive information...
Important: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.15.1 security update
An update is now available for Red Hat OpenShift GitOps v1.15.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
GO-2025-3437 Argo CD GitOps Engine does not scrub secret values from patch errors in github.com/argoproj/gitops-engine
Argo CD GitOps Engine does not scrub secret values from patch errors in github.com/argoproj/gitops-engine. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
GO-2025-3433 Argo CD does not scrub secret values from patch errors in github.com/argoproj/argo-cd
Argo CD does not scrub secret values from patch errors in github.com/argoproj/argo-cd...
GO-2025-3431 kube-audit-rest's example logging configuration could disclose secret values in the audit log in github.com/RichardoC/kube-audit-rest
kube-audit-rest's example logging configuration could disclose secret values in the audit log in github.com/RichardoC/kube-audit-rest...
CVE-2025-23216 Argo CD does not scrub secret values from patch errors
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was discovered in Argo CD that exposed secret values in error messages and the diff view when an invalid Kubernetes Secret resource was synced from a repository. The vulnerability assumes the user has write...
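The Argo CD entries above (GO-2025-3433, GO-2025-3437 and CVE-2025-23216) all describe the same class of leak: an error from the API server echoes the contents of a malformed Secret, and the tool forwards that text to the UI unchanged. The remedy is value-based scrubbing, replacing every value the Secret carries (the base64 `data` entries, their decoded form, and plaintext `stringData`) before the message is shown. The code below is an added example in Python, not Argo CD's Go implementation; the placeholder string, the sample Secret and the error text are constructed for the demonstration.

```python
import base64
import binascii
from typing import Any

# Assumed placeholder for this example; Argo CD's actual marker may differ.
REDACTED = "++++++++"


def secret_values(secret: dict[str, Any]) -> set[str]:
    """Collect every string the Secret could leak: raw `data` values (base64 text),
    their decoded form where they decode cleanly, and plaintext `stringData` values."""
    values: set[str] = set()
    for raw in (secret.get("data") or {}).values():
        if isinstance(raw, str) and raw:
            values.add(raw)
            try:
                values.add(base64.b64decode(raw, validate=True).decode("utf-8"))
            except (binascii.Error, UnicodeDecodeError):
                pass  # invalid base64 is exactly the case that produces the error message
    for plain in (secret.get("stringData") or {}).values():
        if isinstance(plain, str) and plain:
            values.add(plain)
    return values


def scrub(message: str, secret: dict[str, Any]) -> str:
    """Replace every secret value occurring in `message` with REDACTED.
    Longest values first, so a shorter value that is a substring of a longer one
    cannot leave a recognisable fragment behind."""
    for value in sorted(secret_values(secret), key=len, reverse=True):
        message = message.replace(value, REDACTED)
    return message


# Constructed sample: a Secret with one valid and one malformed base64 entry.
SAMPLE_SECRET = {
    "apiVersion": "v1",
    "kind": "Secret",
    "metadata": {"name": "db-creds"},
    "data": {"password": "aHVudGVyMg==", "broken": "not-base64!"},
    "stringData": {"api-token": "tok_abcdef"},
}

# Constructed error text in the style of an apply failure that echoes the bad input.
SAMPLE_ERROR = (
    'Secret "db-creds" is invalid: data.broken: illegal base64 data at input byte 3 '
    '(value "not-base64!"); context: password=aHVudGVyMg== (hunter2), token=tok_abcdef'
)


if __name__ == "__main__":
    print("before:", SAMPLE_ERROR)
    print("after: ", scrub(SAMPLE_ERROR, SAMPLE_SECRET))
```

The scrubber keeps the useful part of the message (which field failed and why) while removing the raw value, its decoded form and any `stringData` plaintext. Note that it only knows the values present in the Secret being synced; secrets that reach an error message from any other source still need the key-name based masking used by tools such as Airflow.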
Qnap QTS Out-of-bounds Read (CVE-2022-27598)
A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP QVR Pro appliances...