GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,041
Maven
5,000+
npm
3,733
NuGet
662
pip
3,414
Pub
12
RubyGems
891
Rust
866
Swift
36
Unreviewed advisories
All unreviewed
5,000+
33 advisories
Filter by severity
OpenRefine leaks Google API credentials in releases
High
GHSA-3pg4-qwc8-426r
was published
for
org.openrefine:openrefine
(Maven)
Oct 24, 2024
Apache Kylin has Insufficiently Protected Credentials
High
CVE-2023-29055
was published
for
org.apache.kylin:kylin-core-common
(Maven)
Jan 29, 2024
Jenkins Artifactory Plugin stored old directly entered credentials unencrypted on disk
High
CVE-2018-1000424
was published
for
org.jenkins-ci.plugins:artifactory
(Maven)
May 13, 2022
Jenkins SonarQube Scanner Plugin stored server authentication token in plain text
High
CVE-2018-1000425
was published
for
org.jenkins-ci.plugins:sonar
(Maven)
May 13, 2022
Jenkins Kmap Plugin stores credentials in plain text
High
CVE-2019-10294
was published
for
org.jenkins-ci.plugins:kmap-jenkins
(Maven)
May 13, 2022
Jenkins StarTeam Plugin stores credentials in plain text
High
CVE-2019-10277
was published
for
hudson.plugins:starteam
(Maven)
May 13, 2022
Jenkins Assembla Auth Plugin stores credentials in plain text
High
CVE-2019-10280
was published
for
org.jenkins-ci.plugins:assembla-auth
(Maven)
May 13, 2022
Jenkins Crowd 2 Integration Plugin stored credentials in plain text
High
CVE-2018-1000423
was published
for
org.jenkins-ci.plugins:crowd2
(Maven)
May 13, 2022
Jenkins Bitbucket OAuth Plugin contains Insufficiently Protected Credentials
High
CVE-2019-10460
was published
for
org.jenkins-ci.plugins:bitbucket-oauth
(Maven)
May 24, 2022
Plaintext password storage in Jenkins InfluxDB Plugin
High
CVE-2019-10329
was published
for
org.jenkins-ci.plugins:influxdb
(Maven)
May 24, 2022
Opencast publishes global system account credentials
High
CVE-2018-16153
was published
for
org.opencastproject:opencast-common
(Maven)
Dec 14, 2021
Stored credentials unencrypted in Jenkins Mashup Portlets Plugin
High
CVE-2019-10347
was published
for
javagh.jenkins:mashup-portlets-plugin
(Maven)
May 24, 2022
Data leak of password hash through change requests
High
CVE-2023-49280
was published
for
org.xwiki.contrib.changerequest:application-changerequest-default
(Maven)
Dec 5, 2023
Jenkins jira-ext Plugin stores credentials unencrypted
High
CVE-2019-10302
was published
for
org.jenkins-ci.plugins:jira-ext
(Maven)
May 24, 2022
Cleartext Storage of Sensitive Information in Jenkins Extensive Testing Plugin
High
CVE-2019-10448
was published
for
jenkins.xtc:extensivetesting
(Maven)
May 24, 2022
Password exposure in ShenYu
High
CVE-2022-23223
was published
for
org.apache.shenyu:shenyu-common
(Maven)
Jan 28, 2022
Jenkins Zulip Plugin vulnerable to Insufficiently Protected Credentials
High
CVE-2019-10476
was published
for
org.jenkins-ci.plugins:zulip
(Maven)
May 24, 2022
Improper permission handling in Apache Solr
High
CVE-2021-29262
was published
for
org.apache.solr:solr-core
(Maven)
May 10, 2021
Private key leak in Apache CXF
High
CVE-2019-12423
was published
for
org.apache.cxf:apache-cxf
(Maven)
May 22, 2020
Insufficient Nonce Validation in Eclipse Milo Client
High
CVE-2019-19135
was published
for
org.eclipse.milo:sdk-client
(Maven)
Mar 16, 2020
Insufficiently Protected Credentials in Apache Tomcat
High
CVE-2019-12418
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Dec 26, 2019
Insufficiently Protected Credentials in Pivotal Reactor Netty
High
CVE-2019-11284
was published
for
io.projectreactor.netty:reactor-netty
(Maven)
Oct 23, 2019
Jenkins Dynatrace Plugin vulnerable to Insufficiently Protected Credentials
High
CVE-2019-10461
was published
for
org.jenkins-ci.plugins:dynatrace-dashboard
(Maven)
May 24, 2022
Jenkins Build-Publisher plugin has Insufficiently Protected Credentials
High
CVE-2017-1000387
was published
for
org.jenkins-ci.plugins:build-publisher
(Maven)
May 13, 2022
Insufficiently Protected Credentials in Jenkins AWS CodeBuild Plugin
High
CVE-2018-1000404
was published
for
com.amazonaws:aws-codebuild
(Maven)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API