Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

87 advisories

Loading
Password stored in a recoverable format by Jenkins OpenId Connect Authentication Plugin Moderate
CVE-2023-50770 was published for org.jenkins-ci.plugins:oic-auth (Maven) Dec 13, 2023
westonsteimel
Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission Moderate
CVE-2024-47805 was published for org.jenkins-ci.plugins:credentials (Maven) Oct 2, 2024
Apereo CAS vulnerable to credential leaks for LDAP authentication Moderate
CVE-2023-28857 was published for org.apereo.cas:cas-server-support-x509-core (Maven) Aug 5, 2024
Apache Solr can leak certain passwords due to System Property redaction logic inconsistencies Moderate
CVE-2023-50291 was published for org.apache.solr:solr-core (Maven) Feb 9, 2024
Jenkins TestFairy Plugin stores credentials in plain text Moderate
CVE-2019-1003096 was published for org.jenkins-ci.plugins:TestFairy (Maven) May 13, 2022
ECS Publisher Plugin stored and displayed API token in plain text Moderate
CVE-2019-1003045 was published for de.eacg:ecs-publisher (Maven) May 13, 2022
Jenkins Crowd Integration Plugin stores credentials in plain text Moderate
CVE-2019-1003097 was published for com.ds.tools.hudson:crowd (Maven) May 13, 2022
Jenkins Google Cloud Messaging Notification Plugin stores credentials in plain text Moderate
CVE-2019-10379 was published for org.jenkins-ci.plugins:gcm-notification (Maven) May 24, 2022
Jenkins eggplant-plugin Plugin stores credentials in plain text Moderate
CVE-2019-10385 was published for org.jenkins-ci.plugins:eggplant-plugin (Maven) May 24, 2022
Jenkins Rundeck Plugin stored credentials in plain text Moderate
CVE-2019-16556 was published for org.jenkins-ci.plugins:rundeck (Maven) May 24, 2022
Improper masking of credentials Jenkins in Git Plugin Moderate
CVE-2022-38663 was published for org.jenkins-ci.plugins:git (Maven) Aug 24, 2022
NotMyFault
Jenkins Code Dx Plugin stores API keys in plain text Moderate
CVE-2023-2632 was published for org.jenkins-ci.plugins:codedx (Maven) May 16, 2023
Jenkins Code Dx Plugin displays API keys in plain text Moderate
CVE-2023-2633 was published for org.jenkins-ci.plugins:codedx (Maven) May 16, 2023
Jenkins Pipeline: Groovy Plugin has Insufficiently Protected Credentials Moderate
CVE-2022-25180 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) Feb 16, 2022
Jenkins Support Core Plugin stores sensitive data in plain text Moderate
CVE-2022-25187 was published for org.jenkins-ci.plugins:support-core (Maven) Feb 16, 2022
westonsteimel
Jenkins Credentials Binding Plugin has Insufficiently Protected Credentials Moderate
CVE-2018-1000057 was published for org.jenkins-ci.plugins:credentials-binding (Maven) May 13, 2022
q5438722
Improper credentials masking in Jenkins HashiCorp Vault Plugin Moderate
CVE-2022-23109 was published for com.datapipe.jenkins.plugins:hashicorp-vault-plugin (Maven) Jan 13, 2022
NotMyFault
Secrets are not masked by Jenkins Credentials Binding Plugin in builds without build steps Moderate
CVE-2020-2181 was published for org.jenkins-ci.plugins:credentials-binding (Maven) May 24, 2022
NotMyFault
Violation Comments to GitLab Plugin has Insufficiently Protected Credentials Moderate
CVE-2019-10416 was published for org.jenkins-ci.plugins:violation-comments-to-gitlab (Maven) May 24, 2022
Jenkins Violation Comments to GitLab Plugin has Insufficiently Protected Credentials Moderate
CVE-2019-10415 was published for org.jenkins-ci.plugins:violation-comments-to-gitlab (Maven) May 24, 2022
Redgate SQL Change Automation Plugin stored credentials in plain text Moderate
CVE-2020-2095 was published for com.redgate.plugins.redgatesqlci:redgate-sql-ci (Maven) May 24, 2022
NotMyFault
Insufficiently Protected Credentials in Jenkins Pipeline SCM API for Blue Ocean Plugin Moderate
CVE-2022-30952 was published for io.jenkins.blueocean:blueocean-pipeline-scm-api (Maven) May 18, 2022
NotMyFault
Jenkins GitLab Logo Plugin stores credentials unencrypted Moderate
CVE-2019-10429 was published for org.jenkins-ci.plugins:gitlab-logo (Maven) May 24, 2022
Skytap Cloud CI Plugin stored credentials in plain text Moderate
CVE-2019-10366 was published for org.jenkins-ci.plugins:skytap (Maven) May 24, 2022
Credentials stored in plain text by Jenkins Bumblebee HP ALM Plugin Moderate
CVE-2021-21614 was published for org.jenkins-ci.plugins:bumblebee (Maven) May 24, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database