Ansible

This hub aggregates every CVE we track for Ansible, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Ansible.

• CVE-2025-14010Ansible-collection-community-general: ansible-collection-community-general: keycloak user module leaks credentials in verbose output5.5Dec 4, 2025
• CVE-2024-9902Ansible-core: ansible-core user may read/write unauthorized content6.3Nov 6, 2024
• CVE-2024-0690Ansible-core: possible information leak in tasks that ignore ansible_no_log configuration5.0Feb 6, 2024
• CVE-2023-5115Ansible: malicious role archive can cause ansible-galaxy to overwrite arbitrary files6.3Dec 18, 2023
• CVE-2023-5764Ansible: template injection7.1Dec 12, 2023
• CVE-2023-4237Platform: ec2_key module prints out the private key directly to the standard output7.3Oct 4, 2023
• CVE-2023-32983Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier does not mask extra variables displayed on the configuration form, increasing the potential for attackers to observe and capture them.5.3May 16, 2023
• CVE-2023-32982Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier stores extra variables unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read ...4.3May 16, 2023
• CVE-2022-3697A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issu...7.5Oct 28, 2022
• CVE-2021-20180A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This fl...5.5Mar 16, 2022
• CVE-2021-3620A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest ...5.5Mar 3, 2022
• CVE-2021-33924Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 6.0.0 is vulnerable to Incorrect Access Control via its auxiliary component that allows remote attackers to access sensitive information.9.8Sep 29, 2021
• CVE-2021-3583A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-l...7.1Sep 22, 2021
• CVE-2020-10729A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file sinc...5.5May 27, 2021
• CVE-2021-20191A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage...5.5May 26, 2021