Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

86 advisories

Loading
Passwords stored in plain text by Harvest SCM Plugin Moderate
CVE-2020-2130 was published for org.jenkins-ci.plugins:harvest (Maven) May 24, 2022
NotMyFault
Secrets are not masked by Jenkins Credentials Binding Plugin in builds without build steps Moderate
CVE-2020-2181 was published for org.jenkins-ci.plugins:credentials-binding (Maven) May 24, 2022
NotMyFault
Missing permission check in Jenkins Project Inheritance Plugin Moderate
CVE-2020-2198 was published for hudson.plugins:project-inheritance (Maven) May 24, 2022
NotMyFault
nsufficiently Protected Credentials in ActiveMQ Artemis Moderate
CVE-2020-10727 was published for org.apache.activemq:artemis-commons (Maven) May 24, 2022
Secret stored in plain text by Jenkins GitHub Coverage Reporter Plugin Moderate
CVE-2020-2212 was published for io.jenkins.plugins:github-coverage-reporter (Maven) May 24, 2022
NotMyFault
Secret stored in plain text by Jenkins Slack Upload Plugin Moderate
CVE-2020-2208 was published for org.jenkins-ci.plugins:slack-uploader (Maven) May 24, 2022
NotMyFault
Credentials stored in plain text by Jenkins White Source Plugin Moderate
CVE-2020-2213 was published for org.jenkins-ci.plugins:whitesource (Maven) May 24, 2022
NotMyFault
Password stored in plain text by Jenkins TestComplete support Plugin Moderate
CVE-2020-2209 was published for org.jenkins-ci.plugins:TestComplete (Maven) May 24, 2022
NotMyFault
Password written to the build log by Jenkins SQLPlus Script Runner Plugin Moderate
CVE-2020-2312 was published for org.jenkins-ci.plugins:sqlplus-script-runner (Maven) May 24, 2022
NotMyFault
Passwords stored in plain text by Mail Commander Plugin for Jenkins-ci Plugin Moderate
CVE-2020-2318 was published for org.jenkins-ci.plugins:mailcommander (Maven) May 24, 2022
NotMyFault
Credentials stored in plain text by Jenkins Bumblebee HP ALM Plugin Moderate
CVE-2021-21614 was published for org.jenkins-ci.plugins:bumblebee (Maven) May 24, 2022
NotMyFault
Credentials stored in plain text by Jenkins TraceTronic ECU-TEST Plugin Moderate
CVE-2021-21612 was published for de.tracetronic.jenkins.plugins:ecutest (Maven) May 24, 2022
NotMyFault
Passwords stored in plain text by Jenkins Jabber (XMPP) notifier and control Plugin Moderate
CVE-2021-21634 was published for org.jvnet.hudson.plugins:jabber (Maven) May 24, 2022
NotMyFault
Password stored in plain text by Jenkins Nomad Plugin Moderate
CVE-2021-21681 was published for org.jenkins-ci.plugins:nomad (Maven) May 24, 2022
NotMyFault tdunlap607
Jenkins Gem Publisher Plugin stores credentials as plaintext Moderate
CVE-2019-10426 was published for net.arangamani.jenkins:gem-publisher (Maven) May 24, 2022
Jenkins GitLab Logo Plugin stores credentials unencrypted Moderate
CVE-2019-10429 was published for org.jenkins-ci.plugins:gitlab-logo (Maven) May 24, 2022
Insufficiently Protected Credentials via Insecure Temporary File in org.apache.nifi:nifi-single-user-utils Moderate
CVE-2022-26850 was published for org.apache.nifi:nifi-single-user-utils (Maven) Jun 20, 2022
JLLeitschuh
Plaintext Storage of a Password in Jenkins Convertigo Mobile Platform Plugin Moderate
CVE-2022-34199 was published for com.convertigo.jenkins.plugins:convertigo-mobile-platform (Maven) Jun 24, 2022
NotMyFault
Jenkins Deployment Dashboard Plugin has Insufficiently Protected Credentials Moderate
CVE-2022-34796 was published for org.jenkins-ci.plugins:ec2-deployment-dashboard (Maven) Jul 1, 2022
Jenkins OpsGenie Plugin Plaintext Storage of a Password vulnerability Moderate
CVE-2022-34803 was published for org.jenkins-ci.plugins:opsgenie (Maven) Jul 1, 2022
Improper masking of credentials Jenkins in Git Plugin Moderate
CVE-2022-38663 was published for org.jenkins-ci.plugins:git (Maven) Aug 24, 2022
NotMyFault
API keys stored in plain text by Jenkins Katalon Plugin Moderate
CVE-2022-43419 was published for org.jenkins-ci.plugins:katalon (Maven) Oct 19, 2022
NotMyFault tdunlap607
Plaintext Storage of a Password in Jenkins NS-ND Integration Performance Publisher Plugin Moderate
CVE-2022-45392 was published for io.jenkins.plugins:cavisson-ns-nd-integration (Maven) Nov 16, 2022
NotMyFault
Jenkins Reverse Proxy Auth Plugin vulnerable due to plaintext storage of passwords Moderate
CVE-2022-45384 was published for org.jenkins-ci.main:reverse-proxy-auth-plugin (Maven) Nov 16, 2022
NotMyFault
Plaintext storage of password after a reset in org.xwiki.platform:xwiki-platform-security-authentication-default Moderate
CVE-2022-41933 was published for org.xwiki.platform:xwiki-platform-security-authentication-default (Maven) Nov 21, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database