GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,041
Maven
5,000+
npm
3,733
NuGet
662
pip
3,414
Pub
12
RubyGems
891
Rust
866
Swift
36
Unreviewed advisories
All unreviewed
5,000+
87 advisories
Filter by severity
Password stored in a recoverable format by Jenkins OpenId Connect Authentication Plugin
Moderate
CVE-2023-50770
was published
for
org.jenkins-ci.plugins:oic-auth
(Maven)
Dec 13, 2023
Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission
Moderate
CVE-2024-47805
was published
for
org.jenkins-ci.plugins:credentials
(Maven)
Oct 2, 2024
Apereo CAS vulnerable to credential leaks for LDAP authentication
Moderate
CVE-2023-28857
was published
for
org.apereo.cas:cas-server-support-x509-core
(Maven)
Aug 5, 2024
Apache Solr can leak certain passwords due to System Property redaction logic inconsistencies
Moderate
CVE-2023-50291
was published
for
org.apache.solr:solr-core
(Maven)
Feb 9, 2024
Jenkins TestFairy Plugin stores credentials in plain text
Moderate
CVE-2019-1003096
was published
for
org.jenkins-ci.plugins:TestFairy
(Maven)
May 13, 2022
ECS Publisher Plugin stored and displayed API token in plain text
Moderate
CVE-2019-1003045
was published
for
de.eacg:ecs-publisher
(Maven)
May 13, 2022
Jenkins Crowd Integration Plugin stores credentials in plain text
Moderate
CVE-2019-1003097
was published
for
com.ds.tools.hudson:crowd
(Maven)
May 13, 2022
Jenkins Google Cloud Messaging Notification Plugin stores credentials in plain text
Moderate
CVE-2019-10379
was published
for
org.jenkins-ci.plugins:gcm-notification
(Maven)
May 24, 2022
Jenkins eggplant-plugin Plugin stores credentials in plain text
Moderate
CVE-2019-10385
was published
for
org.jenkins-ci.plugins:eggplant-plugin
(Maven)
May 24, 2022
Jenkins Rundeck Plugin stored credentials in plain text
Moderate
CVE-2019-16556
was published
for
org.jenkins-ci.plugins:rundeck
(Maven)
May 24, 2022
Improper masking of credentials Jenkins in Git Plugin
Moderate
CVE-2022-38663
was published
for
org.jenkins-ci.plugins:git
(Maven)
Aug 24, 2022
Jenkins Code Dx Plugin stores API keys in plain text
Moderate
CVE-2023-2632
was published
for
org.jenkins-ci.plugins:codedx
(Maven)
May 16, 2023
Jenkins Code Dx Plugin displays API keys in plain text
Moderate
CVE-2023-2633
was published
for
org.jenkins-ci.plugins:codedx
(Maven)
May 16, 2023
Jenkins Pipeline: Groovy Plugin has Insufficiently Protected Credentials
Moderate
CVE-2022-25180
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
Feb 16, 2022
Jenkins Support Core Plugin stores sensitive data in plain text
Moderate
CVE-2022-25187
was published
for
org.jenkins-ci.plugins:support-core
(Maven)
Feb 16, 2022
Jenkins Credentials Binding Plugin has Insufficiently Protected Credentials
Moderate
CVE-2018-1000057
was published
for
org.jenkins-ci.plugins:credentials-binding
(Maven)
May 13, 2022
Improper credentials masking in Jenkins HashiCorp Vault Plugin
Moderate
CVE-2022-23109
was published
for
com.datapipe.jenkins.plugins:hashicorp-vault-plugin
(Maven)
Jan 13, 2022
Secrets are not masked by Jenkins Credentials Binding Plugin in builds without build steps
Moderate
CVE-2020-2181
was published
for
org.jenkins-ci.plugins:credentials-binding
(Maven)
May 24, 2022
Violation Comments to GitLab Plugin has Insufficiently Protected Credentials
Moderate
CVE-2019-10416
was published
for
org.jenkins-ci.plugins:violation-comments-to-gitlab
(Maven)
May 24, 2022
Jenkins Violation Comments to GitLab Plugin has Insufficiently Protected Credentials
Moderate
CVE-2019-10415
was published
for
org.jenkins-ci.plugins:violation-comments-to-gitlab
(Maven)
May 24, 2022
Redgate SQL Change Automation Plugin stored credentials in plain text
Moderate
CVE-2020-2095
was published
for
com.redgate.plugins.redgatesqlci:redgate-sql-ci
(Maven)
May 24, 2022
Insufficiently Protected Credentials in Jenkins Pipeline SCM API for Blue Ocean Plugin
Moderate
CVE-2022-30952
was published
for
io.jenkins.blueocean:blueocean-pipeline-scm-api
(Maven)
May 18, 2022
Jenkins GitLab Logo Plugin stores credentials unencrypted
Moderate
CVE-2019-10429
was published
for
org.jenkins-ci.plugins:gitlab-logo
(Maven)
May 24, 2022
Skytap Cloud CI Plugin stored credentials in plain text
Moderate
CVE-2019-10366
was published
for
org.jenkins-ci.plugins:skytap
(Maven)
May 24, 2022
Credentials stored in plain text by Jenkins Bumblebee HP ALM Plugin
Moderate
CVE-2021-21614
was published
for
org.jenkins-ci.plugins:bumblebee
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API