Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

86 advisories

Loading
Private key stored in plain text by Jenkins Google Compute Engine Plugin Moderate
CVE-2022-29052 was published for org.jenkins-ci.plugins:google-compute-engine (Maven) Apr 13, 2022
NotMyFault
Plaintext Storage of a Password in Jenkins Eagle Tester Plugin Moderate
CVE-2020-2129 was published for com.mobileenerlytics.eagle.tester:eagle-tester (Maven) May 24, 2022
nsufficiently Protected Credentials in ActiveMQ Artemis Moderate
CVE-2020-10727 was published for org.apache.activemq:artemis-commons (Maven) May 24, 2022
Fortify Plugin stored credentials in plain text Moderate
CVE-2020-2107 was published for org.jenkins-ci.plugins:fortify (Maven) May 24, 2022
NotMyFault
Password stored in plain text by Applatix Plugin Moderate
CVE-2020-2133 was published for com.applatix.jenkins:applatix (Maven) May 24, 2022
NotMyFault
Jenkins AWS CodeDeploy Plugin has Insufficiently Protected Credentials Moderate
CVE-2018-1000402 was published for com.amazonaws:codedeploy (Maven) May 14, 2022
Passwords stored in plain text by Mail Commander Plugin for Jenkins-ci Plugin Moderate
CVE-2020-2318 was published for org.jenkins-ci.plugins:mailcommander (Maven) May 24, 2022
NotMyFault
Missing permission check in Jenkins Project Inheritance Plugin Moderate
CVE-2020-2198 was published for hudson.plugins:project-inheritance (Maven) May 24, 2022
NotMyFault
Jenkins Sonar Gerrit Plugin stores credentials unencrypted Moderate
CVE-2019-10467 was published for org.jenkins-ci.plugins:sonar-gerrit (Maven) May 24, 2022
Jenkins Mattermost Notification Plugin contains unencrypted storage of secret token Moderate
CVE-2019-10459 was published for org.jenkins-ci.plugins:mattermost (Maven) May 24, 2022
Jenkins Anchore Container Scanner Plugin vulnerable to Insufficiently Protected Credentials Moderate
CVE-2019-16542 was published for org.jenkins-ci.plugins:anchore-container-scanner (Maven) May 24, 2022
Insufficiently Protected Credentials in Elasticsearch Moderate
CVE-2021-22132 was published for org.elasticsearch:elasticsearch (Maven) Mar 18, 2021
Insufficiently Protected Credentials in Reactor Netty Moderate
CVE-2020-5404 was published for io.projectreactor.netty:reactor-netty-http (Maven) Feb 10, 2022
Passwords stored in plain text by Jenkins Vmware vRealize CodeStream Plugin Moderate
CVE-2022-27217 was published for com.vmware.vcac:vmware-vrealize-codestream (Maven) Mar 16, 2022
NotMyFault
Password parameter default values exposed by Jenkins Pipeline: Build Step Plugin Moderate
CVE-2022-25184 was published for org.jenkins-ci.plugins:pipeline-build-step (Maven) Feb 16, 2022
NotMyFault
Jenkins Data Theorem Mobile Security: CI/CD Plugin has Insufficiently Protected Credentials Moderate
CVE-2019-10413 was published for com.datatheorem.mobileappsecurity.jenkins.plugin:datatheorem-mobile-app-security (Maven) May 24, 2022
Jenkins Azure Event Grid Build Notifier Plugin has Insufficiently Protected Credentials Moderate
CVE-2019-10421 was published for org.jenkins-ci.plugins:azure-event-grid-notifier (Maven) May 24, 2022
Jenkins Call Remote Job Plugin has Insufficiently Protected Credentials Moderate
CVE-2019-10422 was published for org.ukiuni.callOtherJenkins:call-remote-job-plugin (Maven) May 24, 2022
Jenkins Google Calendar Plugin has Insufficiently Protected Credentials Moderate
CVE-2019-10425 was published for org.jenkins-ci.plugins:gcal (Maven) May 24, 2022
Plaintext Storage of a Password in Jenkins Convertigo Mobile Platform Plugin Moderate
CVE-2022-34199 was published for com.convertigo.jenkins.plugins:convertigo-mobile-platform (Maven) Jun 24, 2022
NotMyFault
Jenkins Gem Publisher Plugin stores credentials as plaintext Moderate
CVE-2019-10426 was published for net.arangamani.jenkins:gem-publisher (Maven) May 24, 2022
Plaintext storage of password after a reset in org.xwiki.platform:xwiki-platform-security-authentication-default Moderate
CVE-2022-41933 was published for org.xwiki.platform:xwiki-platform-security-authentication-default (Maven) Nov 21, 2022
Personal tokens stored in plain text by Jenkins incapptic connect uploader Plugin Moderate
CVE-2022-27218 was published for com.incapptic.plugins:incapptic-connect-uploader (Maven) Mar 16, 2022
NotMyFault
Insufficiently Protected Credentials via Insecure Temporary File in org.apache.nifi:nifi-single-user-utils Moderate
CVE-2022-26850 was published for org.apache.nifi:nifi-single-user-utils (Maven) Jun 20, 2022
JLLeitschuh
API keys stored in plain text by Jenkins Katalon Plugin Moderate
CVE-2022-43419 was published for org.jenkins-ci.plugins:katalon (Maven) Oct 19, 2022
NotMyFault tdunlap607
ProTip! Advisories are also available from the GraphQL API