Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

226 advisories

Loading
Exposure of vSphere's CPI and CSI credentials in Rancher High
CVE-2022-45157 was published for github.com/rancher/rancher (Go) Oct 25, 2024
OpenRefine leaks Google API credentials in releases High
GHSA-3pg4-qwc8-426r was published for org.openrefine:openrefine (Maven) Oct 24, 2024
OpenC3 stores passwords in clear text (`GHSL-2024-129`) Moderate
CVE-2024-47529 was published for @openc3/tool-common (RubyGems) Oct 2, 2024
p-
OAuth2 client ID and secret exposed through the web browser High
CVE-2024-9014 was published for pgadmin4 (pip) Sep 23, 2024
m3t3kh4n
Grafana plugin SDK Information Leakage Critical
CVE-2024-8986 was published for github.com/grafana/grafana-plugin-sdk-go (Go) Sep 19, 2024
Apereo CAS vulnerable to credential leaks for LDAP authentication Moderate
CVE-2023-28857 was published for org.apereo.cas:cas-server-support-x509-core (Maven) Aug 5, 2024
Docker CLI leaks private registry credentials to registry-1.docker.io Moderate
CVE-2021-41092 was published for github.com/docker/cli (Go) Jun 10, 2024
Password hash exposed in CraftCMS two factor authentication plugin Low
CVE-2024-5657 was published for born05/craft-twofactorauthentication (Composer) Jun 6, 2024
apko Exposure of HTTP basic auth credentials in log output High
CVE-2024-36127 was published for chainguard.dev/apko (Go) Jun 4, 2024
kolloch
SimpleSAMLphp exposes credentials in session storage Moderate
GHSA-7wh8-jrq7-p27f was published for simplesamlphp/simplesamlphp (Composer) May 28, 2024
Trivy possibly leaks registry credential when scanning images from malicious registries Moderate
CVE-2024-35192 was published for github.com/aquasecurity/trivy (Go) May 20, 2024
lyoung-confluent
Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins Moderate
CVE-2022-31130 was published for github.com/grafana/grafana (Go) May 14, 2024
joaxcar
Jenkins Telegram Bot Plugin stores the Telegram Bot token in plaintext Low
CVE-2024-34147 was published for org.jenkins-ci.plugins:telegrambot (Maven) May 2, 2024
Azure Identity Library for .NET Information Disclosure Vulnerability Moderate
CVE-2024-29992 was published for Azure.Identity (NuGet) Apr 9, 2024
scottaddie
Apache Solr can leak certain passwords due to System Property redaction logic inconsistencies Moderate
CVE-2023-50291 was published for org.apache.solr:solr-core (Maven) Feb 9, 2024
Allegro AI ClearML Stores Credentials in Plaintext in MongoDB Instance Moderate
CVE-2024-24595 was published for clearml (pip) Feb 6, 2024
m3t3kh4n
Apache Kylin has Insufficiently Protected Credentials High
CVE-2023-29055 was published for org.apache.kylin:kylin-core-common (Maven) Jan 29, 2024
Password stored in a recoverable format by Jenkins OpenId Connect Authentication Plugin Moderate
CVE-2023-50770 was published for org.jenkins-ci.plugins:oic-auth (Maven) Dec 13, 2023
Data leak of password hash through change requests High
CVE-2023-49280 was published for org.xwiki.contrib.changerequest:application-changerequest-default (Maven) Dec 5, 2023
michitux
Jenkins Jira Plugin vulnerable to exposure of system-scoped credentials Moderate
CVE-2023-49653 was published for org.jenkins-ci.plugins:jira (Maven) Nov 29, 2023
Jenkins Warnings Plugin exposures system-scoped credentials Moderate
CVE-2023-46651 was published for io.jenkins.plugins:warnings-ng (Maven) Oct 25, 2023
Tauri's Updater Private Keys Possibly Leaked via Vite Environment Variables High
CVE-2023-46115 was published for @tauri-apps/cli (npm) Oct 20, 2023
OpenStack Barbican credential leak flaw Moderate
CVE-2023-1633 was published for barbican (pip) Sep 24, 2023
Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin vulnerable to exposure of system-scoped credentials Moderate
CVE-2023-40347 was published for org.jenkins-ci.plugins:maven-artifact-choicelistprovider (Maven) Aug 16, 2023
Jenkins Delphix Plugin vulnerable to exposure of system-scoped credentials Moderate
CVE-2023-40345 was published for org.jenkins-ci.plugins:delphix (Maven) Aug 16, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database