GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
110 advisories
Filter by severity
API keys stored in plain text by Jenkins Katalon Plugin
Moderate
CVE-2022-43419
was published
for
org.jenkins-ci.plugins:katalon
(Maven)
Oct 19, 2022
python-oslo-utils has improper password parsing
Moderate
CVE-2022-0718
was published
for
oslo-utils
(pip)
Aug 29, 2022
Improper masking of credentials Jenkins in Git Plugin
Moderate
CVE-2022-38663
was published
for
org.jenkins-ci.plugins:git
(Maven)
Aug 24, 2022
Jenkins OpsGenie Plugin Plaintext Storage of a Password vulnerability
Moderate
CVE-2022-34803
was published
for
org.jenkins-ci.plugins:opsgenie
(Maven)
Jul 1, 2022
Jenkins Deployment Dashboard Plugin has Insufficiently Protected Credentials
Moderate
CVE-2022-34796
was published
for
org.jenkins-ci.plugins:ec2-deployment-dashboard
(Maven)
Jul 1, 2022
Plaintext Storage of a Password in Jenkins Convertigo Mobile Platform Plugin
Moderate
CVE-2022-34199
was published
for
com.convertigo.jenkins.plugins:convertigo-mobile-platform
(Maven)
Jun 24, 2022
Insufficiently Protected Credentials via Insecure Temporary File in org.apache.nifi:nifi-single-user-utils
Moderate
CVE-2022-26850
was published
for
org.apache.nifi:nifi-single-user-utils
(Maven)
Jun 20, 2022
Mechanize before v2.8.5 vulnerable to authorization header leak on port redirect
Moderate
CVE-2022-31033
was published
for
mechanize
(RubyGems)
Jun 9, 2022
Jenkins Gem Publisher Plugin stores credentials as plaintext
Moderate
CVE-2019-10426
was published
for
net.arangamani.jenkins:gem-publisher
(Maven)
May 24, 2022
Jenkins GitLab Logo Plugin stores credentials unencrypted
Moderate
CVE-2019-10429
was published
for
org.jenkins-ci.plugins:gitlab-logo
(Maven)
May 24, 2022
Apache Superset allowed for database connections password leak for authenticated users
Moderate
CVE-2021-41972
was published
for
apache-superset
(pip)
May 24, 2022
Password stored in plain text by Jenkins Nomad Plugin
Moderate
CVE-2021-21681
was published
for
org.jenkins-ci.plugins:nomad
(Maven)
May 24, 2022
Passwords stored in plain text by Jenkins Jabber (XMPP) notifier and control Plugin
Moderate
CVE-2021-21634
was published
for
org.jvnet.hudson.plugins:jabber
(Maven)
May 24, 2022
SaltStack Salt Cleartext Storage of Sensitive Information via cmdmod
Moderate
CVE-2021-25284
was published
for
salt
(pip)
May 24, 2022
Credentials stored in plain text by Jenkins TraceTronic ECU-TEST Plugin
Moderate
CVE-2021-21612
was published
for
de.tracetronic.jenkins.plugins:ecutest
(Maven)
May 24, 2022
Credentials stored in plain text by Jenkins Bumblebee HP ALM Plugin
Moderate
CVE-2021-21614
was published
for
org.jenkins-ci.plugins:bumblebee
(Maven)
May 24, 2022
Passwords stored in plain text by Mail Commander Plugin for Jenkins-ci Plugin
Moderate
CVE-2020-2318
was published
for
org.jenkins-ci.plugins:mailcommander
(Maven)
May 24, 2022
Password written to the build log by Jenkins SQLPlus Script Runner Plugin
Moderate
CVE-2020-2312
was published
for
org.jenkins-ci.plugins:sqlplus-script-runner
(Maven)
May 24, 2022
Secret stored in plain text by Jenkins Slack Upload Plugin
Moderate
CVE-2020-2208
was published
for
org.jenkins-ci.plugins:slack-uploader
(Maven)
May 24, 2022
Password stored in plain text by Jenkins TestComplete support Plugin
Moderate
CVE-2020-2209
was published
for
org.jenkins-ci.plugins:TestComplete
(Maven)
May 24, 2022
Credentials stored in plain text by Jenkins White Source Plugin
Moderate
CVE-2020-2213
was published
for
org.jenkins-ci.plugins:whitesource
(Maven)
May 24, 2022
Secret stored in plain text by Jenkins GitHub Coverage Reporter Plugin
Moderate
CVE-2020-2212
was published
for
io.jenkins.plugins:github-coverage-reporter
(Maven)
May 24, 2022
nsufficiently Protected Credentials in ActiveMQ Artemis
Moderate
CVE-2020-10727
was published
for
org.apache.activemq:artemis-commons
(Maven)
May 24, 2022
Openstack cinder Improper handling of ScaleIO backend credentials
Moderate
CVE-2020-10755
was published
for
cinder
(pip)
May 24, 2022
Missing permission check in Jenkins Project Inheritance Plugin
Moderate
CVE-2020-2198
was published
for
hudson.plugins:project-inheritance
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API