Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

46 advisories

Loading
apko Exposure of HTTP basic auth credentials in log output High
CVE-2024-36127 was published for chainguard.dev/apko (Go) Jun 4, 2024
kolloch
Apache Kylin has Insufficiently Protected Credentials High
CVE-2023-29055 was published for org.apache.kylin:kylin-core-common (Maven) Jan 29, 2024
Data leak of password hash through change requests High
CVE-2023-49280 was published for org.xwiki.contrib.changerequest:application-changerequest-default (Maven) Dec 5, 2023
michitux
Tauri's Updater Private Keys Possibly Leaked via Vite Environment Variables High
CVE-2023-46115 was published for @tauri-apps/cli (npm) Oct 20, 2023
Weave GitOps Terraform Controller Information Disclosure Vulnerability High
CVE-2023-34236 was published for github.com/weaveworks/tf-controller (Go) Jul 14, 2023
greenu
Craft CMS discloses password hashes High
CVE-2022-37783 was published for craftcms/cms (Composer) Dec 5, 2022
Apache Dolphin Scheduler has insufficiently protected credentials High
CVE-2022-26885 was published for org.apache.dolphinscheduler:dolphinscheduler-common (Maven) Nov 24, 2022
Incorrect implementation of lockout feature in Keycloak High
CVE-2021-3513 was published for org.keycloak:keycloak-parent (Maven) Aug 23, 2022
Insufficiently Protected Credentials in PowerJob High
CVE-2020-28865 was published for com.github.kfcfans:powerjob (Maven) Jun 17, 2022
Ansible Exposes Sensitive Information High
CVE-2021-20228 was published for ansible (pip) May 25, 2022
Plaintext password storage in Jenkins InfluxDB Plugin High
CVE-2019-10329 was published for org.jenkins-ci.plugins:influxdb (Maven) May 24, 2022
westonsteimel
OpenStack Keystone Credential Leakage High
CVE-2019-19687 was published for keystone (pip) May 24, 2022
Jenkins Dynatrace Plugin vulnerable to Insufficiently Protected Credentials High
CVE-2019-10461 was published for org.jenkins-ci.plugins:dynatrace-dashboard (Maven) May 24, 2022
Jenkins Zulip Plugin vulnerable to Insufficiently Protected Credentials High
CVE-2019-10476 was published for org.jenkins-ci.plugins:zulip (Maven) May 24, 2022
tdunlap607
Jenkins Bitbucket OAuth Plugin contains Insufficiently Protected Credentials High
CVE-2019-10460 was published for org.jenkins-ci.plugins:bitbucket-oauth (Maven) May 24, 2022
Cleartext Storage of Sensitive Information in Jenkins Extensive Testing Plugin High
CVE-2019-10448 was published for jenkins.xtc:extensivetesting (Maven) May 24, 2022
Stored credentials unencrypted in Jenkins Mashup Portlets Plugin High
CVE-2019-10347 was published for javagh.jenkins:mashup-portlets-plugin (Maven) May 24, 2022
Containous Traefik Exposes Password Hashes High
CVE-2019-12452 was published for github.com/traefik/traefik (Go) May 24, 2022
Jenkins jira-ext Plugin stores credentials unencrypted High
CVE-2019-10302 was published for org.jenkins-ci.plugins:jira-ext (Maven) May 24, 2022
Jenkins Configuration as Code Plugin has Insufficiently Protected Credentials High
CVE-2018-1000610 was published for io.jenkins:configuration-as-code (Maven) May 13, 2022
AWS CodeDeploy Plugin stored AWS Secret Key in plain text High
CVE-2018-1000403 was published for com.amazonaws:codedeploy (Maven) May 13, 2022
westonsteimel
Jenkins AWS CodePipeline Plugin has Insufficiently Protected Credentials High
CVE-2018-1000401 was published for com.amazonaws:aws-codepipeline (Maven) May 13, 2022
Insufficiently Protected Credentials in Jenkins AWS CodeBuild Plugin High
CVE-2018-1000404 was published for com.amazonaws:aws-codebuild (Maven) May 13, 2022
Jenkins Build-Publisher plugin has Insufficiently Protected Credentials High
CVE-2017-1000387 was published for org.jenkins-ci.plugins:build-publisher (Maven) May 13, 2022
OpenStack Identity Keystone and keystonemiddleware Insufficiently Protected Credentials High
CVE-2015-7546 was published for keystone (pip) May 13, 2022
ProTip! Advisories are also available from the GraphQL API