Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

58 advisories

Loading
Password stored in plain text by Jenkins Publish Over SSH Plugin Low
CVE-2022-23114 was published for org.jenkins-ci.plugins:publish-over-ssh (Maven) Jan 13, 2022
NotMyFault MarkLee131
Client Secret stored in plain text by Jenkins GitLab Authentication Plugin Low
CVE-2022-27206 was published for org.jenkins-ci.plugins:gitlab-oauth (Maven) Mar 16, 2022
NotMyFault
Jenkins Relution Enterprise Appstore Publisher Plugin stores credentials in plain text Low
CVE-2019-10281 was published for org.jenkins-ci.plugins:relution-publisher (Maven) May 13, 2022
Jenkins Serena SRA Deploy Plugin stores credentials in plain text Low
CVE-2019-10296 was published for com.urbancode.ds.jenkins.plugins:sra-deploy (Maven) May 13, 2022
Jenkins Koji Plugin stores credentials in plain text Low
CVE-2019-10298 was published for org.jenkins-ci.plugins:koji (Maven) May 13, 2022
Jenkins Sametime Plugin stores credentials in plain text Low
CVE-2019-10297 was published for org.jenkins-ci.plugins:sametime (Maven) May 13, 2022
Jenkins Netsparker Enterprise Scan Plugin stored credentials in plain text Low
CVE-2019-10291 was published for org.jenkins-ci.plugins:netsparker-cloud-scan (Maven) May 13, 2022
Jenkins CloudCoreo DeployTime Plugin stores credentials in plain text Low
CVE-2019-10299 was published for com.cloudcoreo.plugins:cloudcoreo-deploytime (Maven) May 13, 2022
Jenkins Minio Storage Plugin stores credentials in plain text Low
CVE-2019-10285 was published for org.jenkins-ci.plugins:minio-storage (Maven) May 13, 2022
Jenkins youtrack-plugin Plugin stored credentials in plain text Low
CVE-2019-10287 was published for org.jenkins-ci.plugins:youtrack-plugin (Maven) May 13, 2022
Jenkins Jabber Server Plugin stores credentials in plain text Low
CVE-2019-10288 was published for de.e-nexus:jabber-server-plugin (Maven) May 13, 2022
Jenkins Repository Connector Plugin has insufficiently protected credentials Low
CVE-2019-1003038 was published for org.jenkins-ci.plugins:repository-connector (Maven) May 13, 2022
Jenkins Coverity Plugin has Insufficiently Protected Credentials Low
CVE-2018-1000104 was published for org.jenkins-ci.plugins:coverity (Maven) May 13, 2022
Jenkins z/OS Connector Plugin allows local attacker to retrieve configured password Low
CVE-2018-1000608 was published for org.jenkins-ci.plugins:zos-connector (Maven) May 13, 2022
Cloudtoken Insufficiently Protects Credentials Low
CVE-2018-13390 was published for cloudtoken (pip) May 13, 2022
Jenkins Azure PublisherSettings Credentials Plugin stored credentials in plain text Low
CVE-2019-10303 was published for org.jenkins-ci.plugins:azure-publishersettings-credentials (Maven) May 24, 2022
Jenkins Twitter Plugin stores credentials in plain text Low
CVE-2019-10313 was published for org.jenkins-ci.plugins:twitter (Maven) May 24, 2022
Jenkins Aqua MicroScanner Plugin stored credentials in plain text Low
CVE-2019-10316 was published for org.jenkins-ci.plugins:aqua-microscanner (Maven) May 24, 2022
Jenkins Azure AD Plugin stored the client secret unencrypted Low
CVE-2019-10318 was published for org.jenkins-ci.plugins:azure-ad (Maven) May 24, 2022
Jenkins Maven Release Plug-in Plugin stored credentials in plain text Low
CVE-2019-10361 was published for org.jenkins-ci.plugins.m2release:m2release (Maven) May 24, 2022
Jenkins TestLink Plugin stores credentials in plain text Low
CVE-2019-10378 was published for org.jenkins-ci.plugins:testlink (Maven) May 24, 2022
Jenkins Beaker Builder Plugin has Insufficiently Protected Credentials Low
CVE-2019-10398 was published for org.jenkins-ci.plugins:beaker-builder (Maven) May 24, 2022
Jenkins Assembla Plugin has Insufficiently Protected Credentials Low
CVE-2019-10420 was published for org.jenkins-ci.plugins:assembla (Maven) May 24, 2022
Jenkins vFabric Application Director Plugin Insufficiently Protected Credentials Low
CVE-2019-10419 was published for org.jenkins-ci.plugins:application-director-plugin (Maven) May 24, 2022
Jenkins CodeScan Plugin has Insufficiently Protected Credentials Low
CVE-2019-10423 was published for com.villagechief.codescan.jenkins:codescan (Maven) May 24, 2022
ProTip! Advisories are also available from the GraphQL API