GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,041
Maven
5,000+
npm
3,733
NuGet
662
pip
3,414
Pub
12
RubyGems
891
Rust
866
Swift
36
Unreviewed advisories
All unreviewed
5,000+
59 advisories
Filter by severity
python-keystoneclient vulnerable to context confusion in Keystone auth_token middleware
Low
CVE-2014-0105
was published
for
python-keystoneclient
(pip)
May 17, 2022
Cloudtoken Insufficiently Protects Credentials
Low
CVE-2018-13390
was published
for
cloudtoken
(pip)
May 13, 2022
Jenkins Weibo Plugin stores credentials unencrypted in its global configuration file
Low
CVE-2019-16572
was published
for
org.jenkins-ci.plugins:weibo
(Maven)
May 24, 2022
Jenkins Telegram Bot Plugin stores the Telegram Bot token in plaintext
Low
CVE-2024-34147
was published
for
org.jenkins-ci.plugins:telegrambot
(Maven)
May 2, 2024
Password hash exposed in CraftCMS two factor authentication plugin
Low
CVE-2024-5657
was published
for
born05/craft-twofactorauthentication
(Composer)
Jun 6, 2024
Jenkins S3 Publisher Plugin transmits credentials in plain text during configuration
Low
CVE-2020-2114
was published
for
org.jenkins-ci.plugins:s3
(Maven)
May 24, 2022
Jenkins Beaker Builder Plugin has Insufficiently Protected Credentials
Low
CVE-2019-10398
was published
for
org.jenkins-ci.plugins:beaker-builder
(Maven)
May 24, 2022
Token stored in plain text by DigitalOcean Plugin
Low
CVE-2020-2126
was published
for
com.dubture.jenkins:digitalocean-plugin
(Maven)
May 24, 2022
Jenkins Coverity Plugin has Insufficiently Protected Credentials
Low
CVE-2018-1000104
was published
for
org.jenkins-ci.plugins:coverity
(Maven)
May 13, 2022
Jenkins Maven Release Plug-in Plugin stored credentials in plain text
Low
CVE-2019-10361
was published
for
org.jenkins-ci.plugins.m2release:m2release
(Maven)
May 24, 2022
Improper masking of some secrets in Jenkins Credentials Binding Plugin
Low
CVE-2020-2182
was published
for
org.jenkins-ci.plugins:credentials-binding
(Maven)
May 24, 2022
Jenkins Azure AD Plugin stored the client secret unencrypted
Low
CVE-2019-10318
was published
for
org.jenkins-ci.plugins:azure-ad
(Maven)
May 24, 2022
Passwords stored in plain text by Jenkins hpe-network-virtualization plugin
Low
CVE-2022-34816
was published
for
org.jenkins-ci.plugins:hpe-network-virtualization
(Maven)
Jul 1, 2022
Password stored in plain text by Jenkins RQM Plugin
Low
CVE-2022-34809
was published
for
net.praqma:rqm-plugin
(Maven)
Jul 1, 2022
Plaintext Storage of a Password in Jenkins Jigomerge Plugin
Low
CVE-2022-34806
was published
for
org.jenkins-ci.plugins:jigomerge
(Maven)
Jul 1, 2022
Plaintext Storage of a Password in Jenkins Skype notifier Plugin
Low
CVE-2022-34805
was published
for
org.jenkins-ci.plugins:skype-notifier
(Maven)
Jul 1, 2022
Plaintext Storage of a Password in Jenkins RocketChat Notifier Plugin
Low
CVE-2022-34802
was published
for
org.jenkins-ci.plugins:rocketchatnotifier
(Maven)
Jul 1, 2022
Plaintext Storage of a Password in Jenkins Deployment Dashboard Plugin
Low
CVE-2022-34799
was published
for
org.jenkins-ci.plugins:ec2-deployment-dashboard
(Maven)
Jul 1, 2022
Plaintext Storage of a Password in Jenkins Build Notifications Plugin
Low
CVE-2022-34800
was published
for
tools.devnull:build-notifications
(Maven)
Jul 1, 2022
Password stored in plain text by Jenkins Publish Over SSH Plugin
Low
CVE-2022-23114
was published
for
org.jenkins-ci.plugins:publish-over-ssh
(Maven)
Jan 13, 2022
Jenkins NS-ND Integration Performance Publisher Plugin displays credentials without masking
Low
CVE-2023-33000
was published
for
io.jenkins.plugins:cavisson-ns-nd-integration
(Maven)
May 16, 2023
PostgresNIO processes unencrypted bytes from man-in-the-middle
Low
CVE-2023-31136
was published
for
github.com/vapor/postgres-nio
(Swift)
May 10, 2023
Access token stored in plain text by Jenkins SMS Notification Plugin
Low
CVE-2020-2297
was published
for
com.hoiio.jenkins:sms
(Maven)
May 24, 2022
Password stored in plain text by Jenkins couchdb-statistics Plugin
Low
CVE-2020-2291
was published
for
org.jenkins-ci.plugins:couchdb-statistics
(Maven)
May 24, 2022
Jenkins TestLink Plugin stores credentials in plain text
Low
CVE-2019-10378
was published
for
org.jenkins-ci.plugins:testlink
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API