GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
86 advisories
Filter by severity
Passwords stored in plain text by Harvest SCM Plugin
Moderate
CVE-2020-2130
was published
for
org.jenkins-ci.plugins:harvest
(Maven)
May 24, 2022
Secrets are not masked by Jenkins Credentials Binding Plugin in builds without build steps
Moderate
CVE-2020-2181
was published
for
org.jenkins-ci.plugins:credentials-binding
(Maven)
May 24, 2022
Missing permission check in Jenkins Project Inheritance Plugin
Moderate
CVE-2020-2198
was published
for
hudson.plugins:project-inheritance
(Maven)
May 24, 2022
nsufficiently Protected Credentials in ActiveMQ Artemis
Moderate
CVE-2020-10727
was published
for
org.apache.activemq:artemis-commons
(Maven)
May 24, 2022
Secret stored in plain text by Jenkins GitHub Coverage Reporter Plugin
Moderate
CVE-2020-2212
was published
for
io.jenkins.plugins:github-coverage-reporter
(Maven)
May 24, 2022
Secret stored in plain text by Jenkins Slack Upload Plugin
Moderate
CVE-2020-2208
was published
for
org.jenkins-ci.plugins:slack-uploader
(Maven)
May 24, 2022
Credentials stored in plain text by Jenkins White Source Plugin
Moderate
CVE-2020-2213
was published
for
org.jenkins-ci.plugins:whitesource
(Maven)
May 24, 2022
Password stored in plain text by Jenkins TestComplete support Plugin
Moderate
CVE-2020-2209
was published
for
org.jenkins-ci.plugins:TestComplete
(Maven)
May 24, 2022
Password written to the build log by Jenkins SQLPlus Script Runner Plugin
Moderate
CVE-2020-2312
was published
for
org.jenkins-ci.plugins:sqlplus-script-runner
(Maven)
May 24, 2022
Passwords stored in plain text by Mail Commander Plugin for Jenkins-ci Plugin
Moderate
CVE-2020-2318
was published
for
org.jenkins-ci.plugins:mailcommander
(Maven)
May 24, 2022
Credentials stored in plain text by Jenkins Bumblebee HP ALM Plugin
Moderate
CVE-2021-21614
was published
for
org.jenkins-ci.plugins:bumblebee
(Maven)
May 24, 2022
Credentials stored in plain text by Jenkins TraceTronic ECU-TEST Plugin
Moderate
CVE-2021-21612
was published
for
de.tracetronic.jenkins.plugins:ecutest
(Maven)
May 24, 2022
Passwords stored in plain text by Jenkins Jabber (XMPP) notifier and control Plugin
Moderate
CVE-2021-21634
was published
for
org.jvnet.hudson.plugins:jabber
(Maven)
May 24, 2022
Password stored in plain text by Jenkins Nomad Plugin
Moderate
CVE-2021-21681
was published
for
org.jenkins-ci.plugins:nomad
(Maven)
May 24, 2022
Jenkins Gem Publisher Plugin stores credentials as plaintext
Moderate
CVE-2019-10426
was published
for
net.arangamani.jenkins:gem-publisher
(Maven)
May 24, 2022
Jenkins GitLab Logo Plugin stores credentials unencrypted
Moderate
CVE-2019-10429
was published
for
org.jenkins-ci.plugins:gitlab-logo
(Maven)
May 24, 2022
Insufficiently Protected Credentials via Insecure Temporary File in org.apache.nifi:nifi-single-user-utils
Moderate
CVE-2022-26850
was published
for
org.apache.nifi:nifi-single-user-utils
(Maven)
Jun 20, 2022
Plaintext Storage of a Password in Jenkins Convertigo Mobile Platform Plugin
Moderate
CVE-2022-34199
was published
for
com.convertigo.jenkins.plugins:convertigo-mobile-platform
(Maven)
Jun 24, 2022
Jenkins Deployment Dashboard Plugin has Insufficiently Protected Credentials
Moderate
CVE-2022-34796
was published
for
org.jenkins-ci.plugins:ec2-deployment-dashboard
(Maven)
Jul 1, 2022
Jenkins OpsGenie Plugin Plaintext Storage of a Password vulnerability
Moderate
CVE-2022-34803
was published
for
org.jenkins-ci.plugins:opsgenie
(Maven)
Jul 1, 2022
Improper masking of credentials Jenkins in Git Plugin
Moderate
CVE-2022-38663
was published
for
org.jenkins-ci.plugins:git
(Maven)
Aug 24, 2022
API keys stored in plain text by Jenkins Katalon Plugin
Moderate
CVE-2022-43419
was published
for
org.jenkins-ci.plugins:katalon
(Maven)
Oct 19, 2022
Plaintext Storage of a Password in Jenkins NS-ND Integration Performance Publisher Plugin
Moderate
CVE-2022-45392
was published
for
io.jenkins.plugins:cavisson-ns-nd-integration
(Maven)
Nov 16, 2022
Jenkins Reverse Proxy Auth Plugin vulnerable due to plaintext storage of passwords
Moderate
CVE-2022-45384
was published
for
org.jenkins-ci.main:reverse-proxy-auth-plugin
(Maven)
Nov 16, 2022
Plaintext storage of password after a reset in org.xwiki.platform:xwiki-platform-security-authentication-default
Moderate
CVE-2022-41933
was published
for
org.xwiki.platform:xwiki-platform-security-authentication-default
(Maven)
Nov 21, 2022
ProTip!
Advisories are also available from the
GraphQL API