GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,939
Maven
5,000+
npm
3,677
NuGet
643
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
174 advisories
Filter by severity
Jenkins Weibo Plugin stores credentials unencrypted in its global configuration file
Low
CVE-2019-16572
was published
for
org.jenkins-ci.plugins:weibo
(Maven)
May 24, 2022
Apereo CAS vulnerable to credential leaks for LDAP authentication
Moderate
CVE-2023-28857
was published
for
org.apereo.cas:cas-server-support-x509-core
(Maven)
Aug 5, 2024
Jenkins Telegram Bot Plugin stores the Telegram Bot token in plaintext
Low
CVE-2024-34147
was published
for
org.jenkins-ci.plugins:telegrambot
(Maven)
May 2, 2024
Apache Solr can leak certain passwords due to System Property redaction logic inconsistencies
Moderate
CVE-2023-50291
was published
for
org.apache.solr:solr-core
(Maven)
Feb 9, 2024
Apache Kylin has Insufficiently Protected Credentials
High
CVE-2023-29055
was published
for
org.apache.kylin:kylin-core-common
(Maven)
Jan 29, 2024
Jenkins Artifactory Plugin stored old directly entered credentials unencrypted on disk
High
CVE-2018-1000424
was published
for
org.jenkins-ci.plugins:artifactory
(Maven)
May 13, 2022
Jenkins TestFairy Plugin stores credentials in plain text
Moderate
CVE-2019-1003096
was published
for
org.jenkins-ci.plugins:TestFairy
(Maven)
May 13, 2022
ECS Publisher Plugin stored and displayed API token in plain text
Moderate
CVE-2019-1003045
was published
for
de.eacg:ecs-publisher
(Maven)
May 13, 2022
Jenkins SonarQube Scanner Plugin stored server authentication token in plain text
High
CVE-2018-1000425
was published
for
org.jenkins-ci.plugins:sonar
(Maven)
May 13, 2022
Jenkins Crowd Integration Plugin stores credentials in plain text
Moderate
CVE-2019-1003097
was published
for
com.ds.tools.hudson:crowd
(Maven)
May 13, 2022
Jenkins Kmap Plugin stores credentials in plain text
High
CVE-2019-10294
was published
for
org.jenkins-ci.plugins:kmap-jenkins
(Maven)
May 13, 2022
Jenkins Google Cloud Messaging Notification Plugin stores credentials in plain text
Moderate
CVE-2019-10379
was published
for
org.jenkins-ci.plugins:gcm-notification
(Maven)
May 24, 2022
Jenkins eggplant-plugin Plugin stores credentials in plain text
Moderate
CVE-2019-10385
was published
for
org.jenkins-ci.plugins:eggplant-plugin
(Maven)
May 24, 2022
Jenkins Rundeck Plugin stored credentials in plain text
Moderate
CVE-2019-16556
was published
for
org.jenkins-ci.plugins:rundeck
(Maven)
May 24, 2022
Jenkins StarTeam Plugin stores credentials in plain text
High
CVE-2019-10277
was published
for
hudson.plugins:starteam
(Maven)
May 13, 2022
Jenkins Assembla Auth Plugin stores credentials in plain text
High
CVE-2019-10280
was published
for
org.jenkins-ci.plugins:assembla-auth
(Maven)
May 13, 2022
Jenkins Crowd 2 Integration Plugin stored credentials in plain text
High
CVE-2018-1000423
was published
for
org.jenkins-ci.plugins:crowd2
(Maven)
May 13, 2022
Improper masking of credentials Jenkins in Git Plugin
Moderate
CVE-2022-38663
was published
for
org.jenkins-ci.plugins:git
(Maven)
Aug 24, 2022
Jenkins Code Dx Plugin stores API keys in plain text
Moderate
CVE-2023-2632
was published
for
org.jenkins-ci.plugins:codedx
(Maven)
May 16, 2023
Jenkins Code Dx Plugin displays API keys in plain text
Moderate
CVE-2023-2633
was published
for
org.jenkins-ci.plugins:codedx
(Maven)
May 16, 2023
Jenkins Pipeline: Groovy Plugin has Insufficiently Protected Credentials
Moderate
CVE-2022-25180
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
Feb 16, 2022
Jenkins Support Core Plugin stores sensitive data in plain text
Moderate
CVE-2022-25187
was published
for
org.jenkins-ci.plugins:support-core
(Maven)
Feb 16, 2022
Jenkins Credentials Binding Plugin has Insufficiently Protected Credentials
Moderate
CVE-2018-1000057
was published
for
org.jenkins-ci.plugins:credentials-binding
(Maven)
May 13, 2022
Improper credentials masking in Jenkins HashiCorp Vault Plugin
Moderate
CVE-2022-23109
was published
for
com.datapipe.jenkins.plugins:hashicorp-vault-plugin
(Maven)
Jan 13, 2022
Secrets are not masked by Jenkins Credentials Binding Plugin in builds without build steps
Moderate
CVE-2020-2181
was published
for
org.jenkins-ci.plugins:credentials-binding
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API