GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
53 advisories
Filter by severity
Apache Superset allowed for database connections password leak for authenticated users
High
CVE-2021-41972
was published
for
apache-superset
(pip)
May 24, 2022
Openstack cinder Improper handling of ScaleIO backend credentials
High
CVE-2020-10755
was published
for
cinder
(pip)
May 24, 2022
Ansible password prompts could expose passwords
High
CVE-2019-10206
was published
for
ansible
(pip)
May 24, 2022
Insufficiently Protected Credentials in Apache Superset
High
CVE-2021-44451
was published
for
apache-superset
(pip)
Feb 2, 2022
Exposure of vSphere's CPI and CSI credentials in Rancher
High
CVE-2022-45157
was published
for
github.com/rancher/rancher
(Go)
Oct 25, 2024
OpenRefine leaks Google API credentials in releases
High
GHSA-3pg4-qwc8-426r
was published
for
org.openrefine:openrefine
(Maven)
Oct 24, 2024
Insufficiently Protected Credentials in Requests
High
CVE-2018-18074
was published
for
requests
(pip)
Oct 29, 2018
OAuth2 client ID and secret exposed through the web browser
High
CVE-2024-9014
was published
for
pgadmin4
(pip)
Sep 23, 2024
OpenStack Identity Keystone and keystonemiddleware Insufficiently Protected Credentials
High
CVE-2015-7546
was published
for
keystone
(pip)
May 13, 2022
OpenStack Keystone Credential Leakage
High
CVE-2019-19687
was published
for
keystone
(pip)
May 24, 2022
django-nopassword stores secrets in cleartext
High
CVE-2019-10682
was published
for
django-nopassword
(pip)
Jun 5, 2020
Ansible Exposes Sensitive Information
High
CVE-2021-20228
was published
for
ansible
(pip)
May 25, 2022
Craft CMS discloses password hashes
High
CVE-2022-37783
was published
for
craftcms/cms
(Composer)
Dec 5, 2022
apko Exposure of HTTP basic auth credentials in log output
High
CVE-2024-36127
was published
for
chainguard.dev/apko
(Go)
Jun 4, 2024
Apache Kylin has Insufficiently Protected Credentials
High
CVE-2023-29055
was published
for
org.apache.kylin:kylin-core-common
(Maven)
Jan 29, 2024
Jenkins Artifactory Plugin stored old directly entered credentials unencrypted on disk
High
CVE-2018-1000424
was published
for
org.jenkins-ci.plugins:artifactory
(Maven)
May 13, 2022
Jenkins SonarQube Scanner Plugin stored server authentication token in plain text
High
CVE-2018-1000425
was published
for
org.jenkins-ci.plugins:sonar
(Maven)
May 13, 2022
Jenkins Kmap Plugin stores credentials in plain text
High
CVE-2019-10294
was published
for
org.jenkins-ci.plugins:kmap-jenkins
(Maven)
May 13, 2022
Jenkins StarTeam Plugin stores credentials in plain text
High
CVE-2019-10277
was published
for
hudson.plugins:starteam
(Maven)
May 13, 2022
Jenkins Assembla Auth Plugin stores credentials in plain text
High
CVE-2019-10280
was published
for
org.jenkins-ci.plugins:assembla-auth
(Maven)
May 13, 2022
Jenkins Crowd 2 Integration Plugin stored credentials in plain text
High
CVE-2018-1000423
was published
for
org.jenkins-ci.plugins:crowd2
(Maven)
May 13, 2022
Tauri's Updater Private Keys Possibly Leaked via Vite Environment Variables
High
CVE-2023-46115
was published
for
@tauri-apps/cli
(npm)
Oct 20, 2023
Jenkins Bitbucket OAuth Plugin contains Insufficiently Protected Credentials
High
CVE-2019-10460
was published
for
org.jenkins-ci.plugins:bitbucket-oauth
(Maven)
May 24, 2022
Plaintext password storage in Jenkins InfluxDB Plugin
High
CVE-2019-10329
was published
for
org.jenkins-ci.plugins:influxdb
(Maven)
May 24, 2022
Opencast publishes global system account credentials
High
CVE-2018-16153
was published
for
org.opencastproject:opencast-common
(Maven)
Dec 14, 2021
ProTip!
Advisories are also available from the
GraphQL API