GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
111 advisories
Private key stored in plain text by Jenkins Google Compute Engine Plugin
Moderate | CVE-2022-29052 was published for org.jenkins-ci.plugins:google-compute-engine (Maven) | Apr 13, 2022

Plaintext Storage of a Password in Jenkins Eagle Tester Plugin
Moderate | CVE-2020-2129 was published for com.mobileenerlytics.eagle.tester:eagle-tester (Maven) | May 24, 2022

Insufficiently Protected Credentials in ActiveMQ Artemis
Moderate | CVE-2020-10727 was published for org.apache.activemq:artemis-commons (Maven) | May 24, 2022

Mechanize before v2.8.5 vulnerable to authorization header leak on port redirect
Moderate | CVE-2022-31033 was published for mechanize (RubyGems) | Jun 9, 2022

Fortify Plugin stored credentials in plain text
Moderate | CVE-2020-2107 was published for org.jenkins-ci.plugins:fortify (Maven) | May 24, 2022

Password stored in plain text by Applatix Plugin
Moderate | CVE-2020-2133 was published for com.applatix.jenkins:applatix (Maven) | May 24, 2022

Jenkins AWS CodeDeploy Plugin has Insufficiently Protected Credentials
Moderate | CVE-2018-1000402 was published for com.amazonaws:codedeploy (Maven) | May 14, 2022

Plaintext storage of tokens in pulp_ansible
Moderate | CVE-2022-3644 was published for pulp-ansible (pip) | Oct 25, 2022

Exfiltration of hashed SMB credentials on Windows via file:// redirect
Moderate | CVE-2022-36077 was published for electron (npm) | Nov 10, 2022

Passwords stored in plain text by Mail Commander Plugin for Jenkins-ci Plugin
Moderate | CVE-2020-2318 was published for org.jenkins-ci.plugins:mailcommander (Maven) | May 24, 2022

Missing permission check in Jenkins Project Inheritance Plugin
Moderate | CVE-2020-2198 was published for hudson.plugins:project-inheritance (Maven) | May 24, 2022

Jenkins Sonar Gerrit Plugin stores credentials unencrypted
Moderate | CVE-2019-10467 was published for org.jenkins-ci.plugins:sonar-gerrit (Maven) | May 24, 2022

Jenkins Mattermost Notification Plugin contains unencrypted storage of secret token
Moderate | CVE-2019-10459 was published for org.jenkins-ci.plugins:mattermost (Maven) | May 24, 2022

Jenkins Anchore Container Scanner Plugin vulnerable to Insufficiently Protected Credentials
Moderate | CVE-2019-16542 was published for org.jenkins-ci.plugins:anchore-container-scanner (Maven) | May 24, 2022

Insufficiently Protected Credentials in Elasticsearch
Moderate | CVE-2021-22132 was published for org.elasticsearch:elasticsearch (Maven) | Mar 18, 2021

Insufficiently Protected Credentials in Reactor Netty
Moderate | CVE-2020-5404 was published for io.projectreactor.netty:reactor-netty-http (Maven) | Feb 10, 2022

containerd v1.2.x can be coerced into leaking credentials during image pull
Moderate | CVE-2020-15157 was published for github.com/containerd/containerd (Go) | Feb 11, 2022

Passwords stored in plain text by Jenkins Vmware vRealize CodeStream Plugin
Moderate | CVE-2022-27217 was published for com.vmware.vcac:vmware-vrealize-codestream (Maven) | Mar 16, 2022

Password parameter default values exposed by Jenkins Pipeline: Build Step Plugin
Moderate | CVE-2022-25184 was published for org.jenkins-ci.plugins:pipeline-build-step (Maven) | Feb 16, 2022

scs-library-client may leak user credentials to third-party service via HTTP redirect
Moderate | CVE-2022-23538 was published for github.com/sylabs/scs-library-client (Go) | Jan 20, 2023

Jenkins Data Theorem Mobile Security: CI/CD Plugin has Insufficiently Protected Credentials
Moderate | CVE-2019-10413 was published for com.datatheorem.mobileappsecurity.jenkins.plugin:datatheorem-mobile-app-security (Maven) | May 24, 2022

Jenkins Azure Event Grid Build Notifier Plugin has Insufficiently Protected Credentials
Moderate | CVE-2019-10421 was published for org.jenkins-ci.plugins:azure-event-grid-notifier (Maven) | May 24, 2022

Jenkins Call Remote Job Plugin has Insufficiently Protected Credentials
Moderate | CVE-2019-10422 was published for org.ukiuni.callOtherJenkins:call-remote-job-plugin (Maven) | May 24, 2022

Jenkins Google Calendar Plugin has Insufficiently Protected Credentials
Moderate | CVE-2019-10425 was published for org.jenkins-ci.plugins:gcal (Maven) | May 24, 2022

Plaintext Storage of a Password in Jenkins Convertigo Mobile Platform Plugin
Moderate | CVE-2022-34199 was published for com.convertigo.jenkins.plugins:convertigo-mobile-platform (Maven) | Jun 24, 2022
ProTip! Advisories are also available from the GraphQL API.