Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

49 advisories

Loading
Information disclosure through error object in auth0.js High
CVE-2020-5263 was published for auth0-js (npm) Apr 10, 2020
In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin. High
CVE-2021-45457 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
AWS CodeDeploy Plugin stored AWS Secret Key in plain text High
CVE-2018-1000403 was published for com.amazonaws:codedeploy (Maven) May 13, 2022
westonsteimel
Insufficiently Protected Credentials in PowerJob High
CVE-2020-28865 was published for com.github.kfcfans:powerjob (Maven) Jun 17, 2022
Insufficiently Protected Credentials and Improper Authentication in Spring Security High
CVE-2019-11272 was published for org.springframework.security:spring-security-cas (Maven) Jun 27, 2019
Incorrect implementation of lockout feature in Keycloak High
CVE-2021-3513 was published for org.keycloak:keycloak-parent (Maven) Aug 23, 2022
Apache Dolphin Scheduler has insufficiently protected credentials High
CVE-2022-26885 was published for org.apache.dolphinscheduler:dolphinscheduler-common (Maven) Nov 24, 2022
Exposure of repository credentials to external third-party sources in Rancher High
CVE-2021-36778 was published for github.com/rancher/rancher (Go) May 2, 2022
dasMulli
Jenkins Configuration as Code Plugin has Insufficiently Protected Credentials High
CVE-2018-1000610 was published for io.jenkins:configuration-as-code (Maven) May 13, 2022
Jenkins AWS CodePipeline Plugin has Insufficiently Protected Credentials High
CVE-2018-1000401 was published for com.amazonaws:aws-codepipeline (Maven) May 13, 2022
Insufficiently Protected Credentials in Jenkins AWS CodeBuild Plugin High
CVE-2018-1000404 was published for com.amazonaws:aws-codebuild (Maven) May 13, 2022
Jenkins Build-Publisher plugin has Insufficiently Protected Credentials High
CVE-2017-1000387 was published for org.jenkins-ci.plugins:build-publisher (Maven) May 13, 2022
Jenkins Dynatrace Plugin vulnerable to Insufficiently Protected Credentials High
CVE-2019-10461 was published for org.jenkins-ci.plugins:dynatrace-dashboard (Maven) May 24, 2022
Insufficiently Protected Credentials in Pivotal Reactor Netty High
CVE-2019-11284 was published for io.projectreactor.netty:reactor-netty (Maven) Oct 23, 2019
Insufficiently Protected Credentials in Apache Tomcat High
CVE-2019-12418 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Dec 26, 2019
Insufficient Nonce Validation in Eclipse Milo Client High
CVE-2019-19135 was published for org.eclipse.milo:sdk-client (Maven) Mar 16, 2020
Private key leak in Apache CXF High
CVE-2019-12423 was published for org.apache.cxf:apache-cxf (Maven) May 22, 2020
Improper permission handling in Apache Solr High
CVE-2021-29262 was published for org.apache.solr:solr-core (Maven) May 10, 2021
Basic-auth app bundle credential exposure in gatsby-source-wordpress High
CVE-2021-32770 was published for gatsby-source-wordpress (npm) Jul 19, 2021
Jenkins Zulip Plugin vulnerable to Insufficiently Protected Credentials High
CVE-2019-10476 was published for org.jenkins-ci.plugins:zulip (Maven) May 24, 2022
tdunlap607
Containous Traefik Exposes Password Hashes High
CVE-2019-12452 was published for github.com/traefik/traefik (Go) May 24, 2022
Sensitive data exposure in NATS High
CVE-2020-26149 was published for nats (npm) Oct 8, 2020
Password exposure in ShenYu High
CVE-2022-23223 was published for org.apache.shenyu:shenyu-common (Maven) Jan 28, 2022
tdunlap607
Cleartext Storage of Sensitive Information in Jenkins Extensive Testing Plugin High
CVE-2019-10448 was published for jenkins.xtc:extensivetesting (Maven) May 24, 2022
Weave GitOps Terraform Controller Information Disclosure Vulnerability High
CVE-2023-34236 was published for github.com/weaveworks/tf-controller (Go) Jul 14, 2023
greenu
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database