Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

53 advisories

Loading
Apache Superset allowed for database connections password leak for authenticated users High
CVE-2021-41972 was published for apache-superset (pip) May 24, 2022
Openstack cinder Improper handling of ScaleIO backend credentials High
CVE-2020-10755 was published for cinder (pip) May 24, 2022
Ansible password prompts could expose passwords High
CVE-2019-10206 was published for ansible (pip) May 24, 2022
tdunlap607
Insufficiently Protected Credentials in Apache Superset High
CVE-2021-44451 was published for apache-superset (pip) Feb 2, 2022
Exposure of vSphere's CPI and CSI credentials in Rancher High
CVE-2022-45157 was published for github.com/rancher/rancher (Go) Oct 25, 2024
OpenRefine leaks Google API credentials in releases High
GHSA-3pg4-qwc8-426r was published for org.openrefine:openrefine (Maven) Oct 24, 2024
Insufficiently Protected Credentials in Requests High
CVE-2018-18074 was published for requests (pip) Oct 29, 2018
OAuth2 client ID and secret exposed through the web browser High
CVE-2024-9014 was published for pgadmin4 (pip) Sep 23, 2024
m3t3kh4n
OpenStack Identity Keystone and keystonemiddleware Insufficiently Protected Credentials High
CVE-2015-7546 was published for keystone (pip) May 13, 2022
OpenStack Keystone Credential Leakage High
CVE-2019-19687 was published for keystone (pip) May 24, 2022
django-nopassword stores secrets in cleartext High
CVE-2019-10682 was published for django-nopassword (pip) Jun 5, 2020
Ansible Exposes Sensitive Information High
CVE-2021-20228 was published for ansible (pip) May 25, 2022
Craft CMS discloses password hashes High
CVE-2022-37783 was published for craftcms/cms (Composer) Dec 5, 2022
apko Exposure of HTTP basic auth credentials in log output High
CVE-2024-36127 was published for chainguard.dev/apko (Go) Jun 4, 2024
kolloch
Apache Kylin has Insufficiently Protected Credentials High
CVE-2023-29055 was published for org.apache.kylin:kylin-core-common (Maven) Jan 29, 2024
Jenkins Artifactory Plugin stored old directly entered credentials unencrypted on disk High
CVE-2018-1000424 was published for org.jenkins-ci.plugins:artifactory (Maven) May 13, 2022
Jenkins SonarQube Scanner Plugin stored server authentication token in plain text High
CVE-2018-1000425 was published for org.jenkins-ci.plugins:sonar (Maven) May 13, 2022
Jenkins Kmap Plugin stores credentials in plain text High
CVE-2019-10294 was published for org.jenkins-ci.plugins:kmap-jenkins (Maven) May 13, 2022
Jenkins StarTeam Plugin stores credentials in plain text High
CVE-2019-10277 was published for hudson.plugins:starteam (Maven) May 13, 2022
Jenkins Assembla Auth Plugin stores credentials in plain text High
CVE-2019-10280 was published for org.jenkins-ci.plugins:assembla-auth (Maven) May 13, 2022
Jenkins Crowd 2 Integration Plugin stored credentials in plain text High
CVE-2018-1000423 was published for org.jenkins-ci.plugins:crowd2 (Maven) May 13, 2022
Tauri's Updater Private Keys Possibly Leaked via Vite Environment Variables High
CVE-2023-46115 was published for @tauri-apps/cli (npm) Oct 20, 2023
Jenkins Bitbucket OAuth Plugin contains Insufficiently Protected Credentials High
CVE-2019-10460 was published for org.jenkins-ci.plugins:bitbucket-oauth (Maven) May 24, 2022
Plaintext password storage in Jenkins InfluxDB Plugin High
CVE-2019-10329 was published for org.jenkins-ci.plugins:influxdb (Maven) May 24, 2022
westonsteimel
Opencast publishes global system account credentials High
CVE-2018-16153 was published for org.opencastproject:opencast-common (Maven) Dec 14, 2021
gregorydlogan lkiesow
smarquard
ProTip! Advisories are also available from the GraphQL API