Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

46 advisories

Loading
Information disclosure through error object in auth0.js High
CVE-2020-5263 was published for auth0-js (npm) Apr 10, 2020
In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin. High
CVE-2021-45457 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
AWS CodeDeploy Plugin stored AWS Secret Key in plain text High
CVE-2018-1000403 was published for com.amazonaws:codedeploy (Maven) May 13, 2022
westonsteimel
Insufficiently Protected Credentials in PowerJob High
CVE-2020-28865 was published for com.github.kfcfans:powerjob (Maven) Jun 17, 2022
Insufficiently Protected Credentials and Improper Authentication in Spring Security High
CVE-2019-11272 was published for org.springframework.security:spring-security-cas (Maven) Jun 27, 2019
Incorrect implementation of lockout feature in Keycloak High
CVE-2021-3513 was published for org.keycloak:keycloak-parent (Maven) Aug 23, 2022
Apache Dolphin Scheduler has insufficiently protected credentials High
CVE-2022-26885 was published for org.apache.dolphinscheduler:dolphinscheduler-common (Maven) Nov 24, 2022
Exposure of repository credentials to external third-party sources in Rancher High
CVE-2021-36778 was published for github.com/rancher/rancher (Go) May 2, 2022
dasMulli
Jenkins Configuration as Code Plugin has Insufficiently Protected Credentials High
CVE-2018-1000610 was published for io.jenkins:configuration-as-code (Maven) May 13, 2022
Jenkins AWS CodePipeline Plugin has Insufficiently Protected Credentials High
CVE-2018-1000401 was published for com.amazonaws:aws-codepipeline (Maven) May 13, 2022
Insufficiently Protected Credentials in Jenkins AWS CodeBuild Plugin High
CVE-2018-1000404 was published for com.amazonaws:aws-codebuild (Maven) May 13, 2022
Jenkins Build-Publisher plugin has Insufficiently Protected Credentials High
CVE-2017-1000387 was published for org.jenkins-ci.plugins:build-publisher (Maven) May 13, 2022
Jenkins Dynatrace Plugin vulnerable to Insufficiently Protected Credentials High
CVE-2019-10461 was published for org.jenkins-ci.plugins:dynatrace-dashboard (Maven) May 24, 2022
Insufficiently Protected Credentials in Pivotal Reactor Netty High
CVE-2019-11284 was published for io.projectreactor.netty:reactor-netty (Maven) Oct 23, 2019
Insufficiently Protected Credentials in Apache Tomcat High
CVE-2019-12418 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Dec 26, 2019
Insufficient Nonce Validation in Eclipse Milo Client High
CVE-2019-19135 was published for org.eclipse.milo:sdk-client (Maven) Mar 16, 2020
Private key leak in Apache CXF High
CVE-2019-12423 was published for org.apache.cxf:apache-cxf (Maven) May 22, 2020
Insufficiently Protected Credentials in Requests High
CVE-2018-18074 was published for requests (pip) Oct 29, 2018
Improper permission handling in Apache Solr High
CVE-2021-29262 was published for org.apache.solr:solr-core (Maven) May 10, 2021
Basic-auth app bundle credential exposure in gatsby-source-wordpress High
CVE-2021-32770 was published for gatsby-source-wordpress (npm) Jul 19, 2021
Jenkins Zulip Plugin vulnerable to Insufficiently Protected Credentials High
CVE-2019-10476 was published for org.jenkins-ci.plugins:zulip (Maven) May 24, 2022
tdunlap607
Containous Traefik Exposes Password Hashes High
CVE-2019-12452 was published for github.com/traefik/traefik (Go) May 24, 2022
Sensitive data exposure in NATS High
CVE-2020-26149 was published for nats (npm) Oct 8, 2020
OpenStack Keystone Credential Leakage High
CVE-2019-19687 was published for keystone (pip) May 24, 2022
Password exposure in ShenYu High
CVE-2022-23223 was published for org.apache.shenyu:shenyu-common (Maven) Jan 28, 2022
tdunlap607
ProTip! Advisories are also available from the GraphQL API