GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
42 advisories
Filter by severity
Snowflake JDBC Security Advisory
Moderate
CVE-2024-43382
was published
for
net.snowflake:snowflake-jdbc
(Maven)
Oct 30, 2024
Elasticsearch stores private key on disk unencrypted
Moderate
CVE-2024-23444
was published
for
org.elasticsearch:elasticsearch
(Maven)
Jul 31, 2024
Jenkins Fabric-beta-publisher Plugin stores credentials in plain text
Moderate
CVE-2019-1003088
was published
for
egor-n:fabric-beta-publisher
(Maven)
May 13, 2022
Jenkins Perfecto Mobile Plugin stores credentials in plain text
Moderate
CVE-2019-1003095
was published
for
org.jenkins-ci.plugins:perfectomobile
(Maven)
May 13, 2022
Jenkins Open STF Plugin stores credentials in plain text
Moderate
CVE-2019-1003094
was published
for
org.jenkins-ci.plugins:open-stf
(Maven)
May 13, 2022
Jenkins HockeyApp Plugin stores credentials in plain text
High
CVE-2019-1003053
was published
for
org.jenkins-ci.plugins:hockeyapp
(Maven)
May 13, 2022
Jenkins Upload to pgyer Plugin stores credentials in plain text
Moderate
CVE-2019-1003089
was published
for
ren.helloworld:upload-pgyer
(Maven)
May 13, 2022
Jenkins Active Directory Plugin vulnerable to Active Directory credential disclosure
Moderate
CVE-2023-37943
was published
for
org.jenkins-ci.plugins:active-directory
(Maven)
Jul 12, 2023
Jenkins Ansible Plugin stores and displays secrets in plain text
Moderate
CVE-2023-32982
was published
for
org.jenkins-ci.plugins:ansible
(Maven)
May 16, 2023
Jenkins CloudFormation Plugin stores credentials in plain text
Moderate
CVE-2019-1003061
was published
for
org.jenkins-ci.plugins:jenkins-cloudformation-plugin
(Maven)
May 13, 2022
Secret stored in plain text by Jenkins Parameterized Remote Trigger Plugin
Low
CVE-2020-2239
was published
for
org.jenkins-ci.plugins:Parameterized-Remote-Trigger
(Maven)
May 24, 2022
Cleartext Transmission of Sensitive Information in Jenkins Configuration as Code Plugin
Moderate
CVE-2019-10363
was published
for
io.jenkins:configuration-as-code
(Maven)
May 24, 2022
Jenkins VS Team Services Continuous Deployment Plugin stores credentials in plain text
Moderate
CVE-2019-1003073
was published
for
org.jenkins-ci.plugins:vsts-cd
(Maven)
May 13, 2022
Credentials stored in plain text by Jenkins tfs Plugin
Low
CVE-2020-2249
was published
for
org.jenkins-ci.plugins:tfs
(Maven)
May 24, 2022
Passwords stored in plain text by Jenkins ReadyAPI Functional Testing Plugin
Moderate
CVE-2020-2250
was published
for
org.jenkins-ci.plugins:soapui-pro-functional-testing
(Maven)
May 24, 2022
Jenkins PRQA Plugin stored password in plain text
Low
CVE-2019-1003048
was published
for
com.programmingresearch:prqa-plugin
(Maven)
May 13, 2022
Jenkins hyper.sh Commons Plugin stores credentials in plain text
Low
CVE-2019-1003074
was published
for
sh.hyper.plugins:hyper-commons
(Maven)
May 13, 2022
Jenkins wildFly Deployer Plugin stores credentials in plain text
Moderate
CVE-2019-1003072
was published
for
org.jenkins-ci.plugins:wildfly-deployer
(Maven)
May 13, 2022
Jenkins Audit to Database Plugin stores credentials in plain text
Low
CVE-2019-1003075
was published
for
org.jenkins-ci.plugins:audit2db
(Maven)
May 13, 2022
Jenkins veracode-scanner Plugin stores credentials in plain text
Low
CVE-2019-1003070
was published
for
org.jenkins-ci.plugins:veracode-scanner
(Maven)
May 13, 2022
Jenkins aws-device-farm Plugin stores credentials in plain text
Low
CVE-2019-1003064
was published
for
org.jenkins-ci.plugins:aws-device-farm
(Maven)
May 13, 2022
Jenkins AWS CloudWatch Logs Publisher Plugin stores credentials in plain text
Low
CVE-2019-1003062
was published
for
org.jenkins-ci.plugins:aws-cloudwatch-logs-publisher
(Maven)
May 13, 2022
Jenkins Bugzilla Plugin stores credentials in plain text
Low
CVE-2019-1003066
was published
for
org.jvnet.hudson.plugins:bugzilla
(Maven)
May 13, 2022
Jenkins Trac Publisher Plugin stores credentials in plain text
Moderate
CVE-2019-1003067
was published
for
org.jenkins-ci.plugins:trac-publisher-plugin
(Maven)
May 13, 2022
Jenkins Bitbucket Approve Plugin stores credentials in plain text
Low
CVE-2019-1003057
was published
for
org.jenkins-ci.plugins:bitbucket-approve
(Maven)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API