GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
49 advisories
Filter by severity
Exposure of vSphere's CPI and CSI credentials in Rancher
High
CVE-2022-45157
was published
for
github.com/rancher/rancher
(Go)
Oct 25, 2024
OpenRefine leaks Google API credentials in releases
High
GHSA-3pg4-qwc8-426r
was published
for
org.openrefine:openrefine
(Maven)
Oct 24, 2024
OAuth2 client ID and secret exposed through the web browser
High
CVE-2024-9014
was published
for
pgadmin4
(pip)
Sep 23, 2024
apko Exposure of HTTP basic auth credentials in log output
High
CVE-2024-36127
was published
for
chainguard.dev/apko
(Go)
Jun 4, 2024
Apache Kylin has Insufficiently Protected Credentials
High
CVE-2023-29055
was published
for
org.apache.kylin:kylin-core-common
(Maven)
Jan 29, 2024
Data leak of password hash through change requests
High
CVE-2023-49280
was published
for
org.xwiki.contrib.changerequest:application-changerequest-default
(Maven)
Dec 5, 2023
Tauri's Updater Private Keys Possibly Leaked via Vite Environment Variables
High
CVE-2023-46115
was published
for
@tauri-apps/cli
(npm)
Oct 20, 2023
Weave GitOps Terraform Controller Information Disclosure Vulnerability
High
CVE-2023-34236
was published
for
github.com/weaveworks/tf-controller
(Go)
Jul 14, 2023
Craft CMS discloses password hashes
High
CVE-2022-37783
was published
for
craftcms/cms
(Composer)
Dec 5, 2022
Apache Dolphin Scheduler has insufficiently protected credentials
High
CVE-2022-26885
was published
for
org.apache.dolphinscheduler:dolphinscheduler-common
(Maven)
Nov 24, 2022
Incorrect implementation of lockout feature in Keycloak
High
CVE-2021-3513
was published
for
org.keycloak:keycloak-parent
(Maven)
Aug 23, 2022
Insufficiently Protected Credentials in PowerJob
High
CVE-2020-28865
was published
for
com.github.kfcfans:powerjob
(Maven)
Jun 17, 2022
Ansible Exposes Sensitive Information
High
CVE-2021-20228
was published
for
ansible
(pip)
May 25, 2022
Plaintext password storage in Jenkins InfluxDB Plugin
High
CVE-2019-10329
was published
for
org.jenkins-ci.plugins:influxdb
(Maven)
May 24, 2022
OpenStack Keystone Credential Leakage
High
CVE-2019-19687
was published
for
keystone
(pip)
May 24, 2022
Jenkins Dynatrace Plugin vulnerable to Insufficiently Protected Credentials
High
CVE-2019-10461
was published
for
org.jenkins-ci.plugins:dynatrace-dashboard
(Maven)
May 24, 2022
Jenkins Zulip Plugin vulnerable to Insufficiently Protected Credentials
High
CVE-2019-10476
was published
for
org.jenkins-ci.plugins:zulip
(Maven)
May 24, 2022
Jenkins Bitbucket OAuth Plugin contains Insufficiently Protected Credentials
High
CVE-2019-10460
was published
for
org.jenkins-ci.plugins:bitbucket-oauth
(Maven)
May 24, 2022
Cleartext Storage of Sensitive Information in Jenkins Extensive Testing Plugin
High
CVE-2019-10448
was published
for
jenkins.xtc:extensivetesting
(Maven)
May 24, 2022
Stored credentials unencrypted in Jenkins Mashup Portlets Plugin
High
CVE-2019-10347
was published
for
javagh.jenkins:mashup-portlets-plugin
(Maven)
May 24, 2022
Containous Traefik Exposes Password Hashes
High
CVE-2019-12452
was published
for
github.com/traefik/traefik
(Go)
May 24, 2022
Jenkins jira-ext Plugin stores credentials unencrypted
High
CVE-2019-10302
was published
for
org.jenkins-ci.plugins:jira-ext
(Maven)
May 24, 2022
Jenkins Configuration as Code Plugin has Insufficiently Protected Credentials
High
CVE-2018-1000610
was published
for
io.jenkins:configuration-as-code
(Maven)
May 13, 2022
Jenkins AWS CodePipeline Plugin has Insufficiently Protected Credentials
High
CVE-2018-1000401
was published
for
com.amazonaws:aws-codepipeline
(Maven)
May 13, 2022
AWS CodeDeploy Plugin stored AWS Secret Key in plain text
High
CVE-2018-1000403
was published
for
com.amazonaws:codedeploy
(Maven)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API