Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

176 advisories

Loading
OpenRefine leaks Google API credentials in releases High
GHSA-3pg4-qwc8-426r was published for org.openrefine:openrefine (Maven) Oct 24, 2024
Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission Moderate
CVE-2024-47805 was published for org.jenkins-ci.plugins:credentials (Maven) Oct 2, 2024
Apereo CAS vulnerable to credential leaks for LDAP authentication Moderate
CVE-2023-28857 was published for org.apereo.cas:cas-server-support-x509-core (Maven) Aug 5, 2024
Jenkins Telegram Bot Plugin stores the Telegram Bot token in plaintext Low
CVE-2024-34147 was published for org.jenkins-ci.plugins:telegrambot (Maven) May 2, 2024
Apache Solr can leak certain passwords due to System Property redaction logic inconsistencies Moderate
CVE-2023-50291 was published for org.apache.solr:solr-core (Maven) Feb 9, 2024
Apache Kylin has Insufficiently Protected Credentials High
CVE-2023-29055 was published for org.apache.kylin:kylin-core-common (Maven) Jan 29, 2024
Password stored in a recoverable format by Jenkins OpenId Connect Authentication Plugin Moderate
CVE-2023-50770 was published for org.jenkins-ci.plugins:oic-auth (Maven) Dec 13, 2023
westonsteimel
Data leak of password hash through change requests High
CVE-2023-49280 was published for org.xwiki.contrib.changerequest:application-changerequest-default (Maven) Dec 5, 2023
michitux
Jenkins Jira Plugin vulnerable to exposure of system-scoped credentials Moderate
CVE-2023-49653 was published for org.jenkins-ci.plugins:jira (Maven) Nov 29, 2023
Jenkins Warnings Plugin exposures system-scoped credentials Moderate
CVE-2023-46651 was published for io.jenkins.plugins:warnings-ng (Maven) Oct 25, 2023
Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin vulnerable to exposure of system-scoped credentials Moderate
CVE-2023-40347 was published for org.jenkins-ci.plugins:maven-artifact-choicelistprovider (Maven) Aug 16, 2023
Jenkins Delphix Plugin vulnerable to exposure of system-scoped credentials Moderate
CVE-2023-40345 was published for org.jenkins-ci.plugins:delphix (Maven) Aug 16, 2023
Jenkins mabl Plugin vulnerable to exposure of system-scooped credentials Moderate
CVE-2023-37951 was published for com.mabl.integration.jenkins:mabl-integration (Maven) Jul 12, 2023
Hazelcast vulnerable to unmasked password exposure Moderate
CVE-2023-33264 was published for com.hazelcast:hazelcast (Maven) May 22, 2023
Jenkins Code Dx Plugin displays API keys in plain text Moderate
CVE-2023-2633 was published for org.jenkins-ci.plugins:codedx (Maven) May 16, 2023
Jenkins Code Dx Plugin stores API keys in plain text Moderate
CVE-2023-2632 was published for org.jenkins-ci.plugins:codedx (Maven) May 16, 2023
Jenkins NS-ND Integration Performance Publisher Plugin displays credentials without masking Low
CVE-2023-33000 was published for io.jenkins.plugins:cavisson-ns-nd-integration (Maven) May 16, 2023
Apache Dolphin Scheduler has insufficiently protected credentials High
CVE-2022-26885 was published for org.apache.dolphinscheduler:dolphinscheduler-common (Maven) Nov 24, 2022
Plaintext storage of password after a reset in org.xwiki.platform:xwiki-platform-security-authentication-default Moderate
CVE-2022-41933 was published for org.xwiki.platform:xwiki-platform-security-authentication-default (Maven) Nov 21, 2022
Jenkins Reverse Proxy Auth Plugin vulnerable due to plaintext storage of passwords Moderate
CVE-2022-45384 was published for org.jenkins-ci.main:reverse-proxy-auth-plugin (Maven) Nov 16, 2022
NotMyFault
Plaintext Storage of a Password in Jenkins NS-ND Integration Performance Publisher Plugin Moderate
CVE-2022-45392 was published for io.jenkins.plugins:cavisson-ns-nd-integration (Maven) Nov 16, 2022
NotMyFault
API keys stored in plain text by Jenkins Katalon Plugin Moderate
CVE-2022-43419 was published for org.jenkins-ci.plugins:katalon (Maven) Oct 19, 2022
NotMyFault tdunlap607
Jenkins BigPanda Notifier Plugin stores BigPanda API key unencrypted Low
CVE-2022-41247 was published for org.jenkins-ci.plugins:bigpanda-jenkins (Maven) Sep 22, 2022
NotMyFault
API token stored in plain text by Jenkins CONS3RT Plugin Low
CVE-2022-41255 was published for org.jenkins-ci.plugins:cons3rt (Maven) Sep 22, 2022
NotMyFault
Improper masking of credentials Jenkins in Git Plugin Moderate
CVE-2022-38663 was published for org.jenkins-ci.plugins:git (Maven) Aug 24, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API