Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

110 advisories

Loading
Django allows unprivileged users to read the password hashes of arbitrary accounts Moderate
CVE-2018-16984 was published for django (pip) Oct 3, 2018
sunSUNQ
Insufficiently Protected Credentials in Elasticsearch Moderate
CVE-2021-22132 was published for org.elasticsearch:elasticsearch (Maven) Mar 18, 2021
Scrapy HTTP authentication credentials potentially leaked to target websites Moderate
CVE-2021-41125 was published for Scrapy (pip) Oct 6, 2021
Improper credentials masking in Jenkins HashiCorp Vault Plugin Moderate
CVE-2022-23109 was published for com.datapipe.jenkins.plugins:hashicorp-vault-plugin (Maven) Jan 13, 2022
NotMyFault
Access key stored in plain text by Jenkins Metrics Plugin Moderate
CVE-2022-20621 was published for org.jenkins-ci.plugins:metrics (Maven) Jan 13, 2022
westonsteimel
Insufficiently Protected Credentials in Apache Superset Moderate
CVE-2021-44451 was published for apache-superset (pip) Feb 2, 2022
Insufficiently Protected Credentials in Reactor Netty Moderate
CVE-2020-5404 was published for io.projectreactor.netty:reactor-netty-http (Maven) Feb 10, 2022
containerd v1.2.x can be coerced into leaking credentials during image pull Moderate
CVE-2020-15157 was published for github.com/containerd/containerd (Go) Feb 11, 2022
bgeesaman joshlarsen
IanColdwater mauilion raesene
containers/image library Insufficiently Protects Credentials Moderate
CVE-2019-10214 was published for github.com/containers/image (Go) Feb 15, 2022
Jenkins Support Core Plugin stores sensitive data in plain text Moderate
CVE-2022-25187 was published for org.jenkins-ci.plugins:support-core (Maven) Feb 16, 2022
westonsteimel
Password parameter default values exposed by Jenkins Pipeline: Build Step Plugin Moderate
CVE-2022-25184 was published for org.jenkins-ci.plugins:pipeline-build-step (Maven) Feb 16, 2022
NotMyFault
Jenkins Pipeline: Groovy Plugin has Insufficiently Protected Credentials Moderate
CVE-2022-25180 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) Feb 16, 2022
Personal tokens stored in plain text by Jenkins incapptic connect uploader Plugin Moderate
CVE-2022-27218 was published for com.incapptic.plugins:incapptic-connect-uploader (Maven) Mar 16, 2022
NotMyFault
Passwords stored in plain text by Jenkins Vmware vRealize CodeStream Plugin Moderate
CVE-2022-27217 was published for com.vmware.vcac:vmware-vrealize-codestream (Maven) Mar 16, 2022
NotMyFault
Passwords stored in plain text by Jenkins dbCharts Plugin Moderate
CVE-2022-27216 was published for org.jenkins-ci.plugins:dbCharts (Maven) Mar 16, 2022
NotMyFault
Plaintext storage in Jenkins instant-messaging Plugin Moderate
CVE-2022-28135 was published for org.jvnet.hudson.plugins:instant-messaging (Maven) Mar 30, 2022
NotMyFault
Password stored in plain text by Jenkins Proxmox Plugin Moderate
CVE-2022-28141 was published for org.jenkins-ci.plugins:proxmox (Maven) Mar 30, 2022
Private key stored in plain text by Jenkins Google Compute Engine Plugin Moderate
CVE-2022-29052 was published for org.jenkins-ci.plugins:google-compute-engine (Maven) Apr 13, 2022
NotMyFault
Jenkins Klaros-Testmanagement Plugin stores credentials in plain text Moderate
CVE-2019-10282 was published for hudson.plugins.klaros:klaros-testmanagement (Maven) May 13, 2022
Jenkins crittercism-dsym Plugin stores API key in plain text Moderate
CVE-2019-10295 was published for org.jenkins-ci.plugins:crittercism-dsym (Maven) May 13, 2022
Jenkins Diawi Upload Plugin stores credentials in plain text Moderate
CVE-2019-10284 was published for org.jenkins-ci.plugins:diawi-upload (Maven) May 13, 2022
Jenkins mabl Plugin stores credentials in plain text Moderate
CVE-2019-10283 was published for com.mabl.integration.jenkins:mabl-integration (Maven) May 13, 2022
Jenkins DeployHub Plugin stores credentials in plain text Moderate
CVE-2019-10286 was published for com.openmake:deployhub (Maven) May 13, 2022
ECS Publisher Plugin stored and displayed API token in plain text Moderate
CVE-2019-1003045 was published for de.eacg:ecs-publisher (Maven) May 13, 2022
Jenkins AppDynamics Dashboard Plugin has insufficiently protected credentials Moderate
CVE-2019-1003039 was published for org.jenkins-ci.plugins:appdynamics-dashboard (Maven) May 13, 2022
ProTip! Advisories are also available from the GraphQL API