Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+

45 advisories

Loading
Infinispan caches credentials in clear text Moderate
CVE-2023-5384 was published for org.infinispan:infinispan-cachestore-jdbc (Maven) Dec 28, 2023
Password stored in a recoverable format by Jenkins OpenId Connect Authentication Plugin Moderate
CVE-2023-50770 was published for org.jenkins-ci.plugins:oic-auth (Maven) Dec 13, 2023
westonsteimel
Sensitive data written to disk unencrypted in Spark High
CVE-2019-10099 was published for org.apache.spark:spark-core_2.11 (Maven) Aug 8, 2019
Password exposure in H2 Database High
CVE-2022-45868 was published for com.h2database:h2 (Maven) Nov 23, 2022
mrjonstrong pjfanning
amita-seal
Jenkins NeuVector Vulnerability Scanner Plugin stored credentials in plain text Moderate
CVE-2019-10430 was published for io.jenkins.plugins:neuvector-vulnerability-scanner (Maven) May 24, 2022
Jenkins Ansible Plugin job configuration form does not mask variables Moderate
CVE-2023-32983 was published for org.jenkins-ci.plugins:ansible (Maven) May 16, 2023
Jenkins Support Core Plugin stores sensitive data in plain text Moderate
CVE-2022-25187 was published for org.jenkins-ci.plugins:support-core (Maven) Feb 16, 2022
westonsteimel
Jenkins Fortify on Demand Plugin stores credentials in plain text Moderate
CVE-2019-10449 was published for org.jenkins-ci.plugins:fortify-on-demand-uploader (Maven) May 24, 2022
Solr search discloses password hashes of all users High
CVE-2023-50719 was published for org.xwiki.platform:xwiki-platform-search-solr-api (Maven) Dec 16, 2023
Tokens stored in plain text by PaaSLane Estimate Plugin Moderate
CVE-2023-50777 was published for com.cloudtp.jenkins:paaslane-estimate (Maven) Dec 13, 2023
Tokens stored in plain text by PaaSLane Estimate Plugin Moderate
CVE-2023-50776 was published for com.cloudtp.jenkins:paaslane-estimate (Maven) Dec 13, 2023
Displayed in plain text by Dingding JSON Pusher Plugin Moderate
CVE-2023-50773 was published for com.zintow:dingding-json-pusher (Maven) Dec 13, 2023
Tokens stored in plain text by Dingding JSON Pusher Plugin Moderate
CVE-2023-50772 was published for com.zintow:dingding-json-pusher (Maven) Dec 13, 2023
DingTalk Plugin stores credentials in plain text Low
CVE-2019-10433 was published for io.jenkins.plugins:dingding-notifications (Maven) May 24, 2022
Credentials stored in plain text by Jenkins Copr Plugin Moderate
CVE-2020-2177 was published for org.fedoraproject.jenkins.plugins:copr (Maven) May 24, 2022
NotMyFault
Jenkins Gogs Plugin stored credentials in plain text Moderate
CVE-2019-10348 was published for org.jenkins-ci.plugins:gogs-webhook (Maven) May 24, 2022
Apache James MIME4J vulnerable to information disclosure to local users Moderate
CVE-2022-45787 was published for org.apache.james:apache-mime4j-storage (Maven) Jan 6, 2023
joshbressers
Lightbend Alpakka Kafka logs credentials on debug level Moderate
CVE-2023-29471 was published for com.typesafe.akka:akka-stream-kafka (Maven) Apr 27, 2023
Jenkins lambdatest-automation Plugin may expose Credentials access token Low
CVE-2023-46653 was published for org.jenkins-ci.plugins:lambdatest-automation (Maven) Oct 25, 2023
Jenkins SOASTA CloudTest Plugin stores API token in plain text Moderate
CVE-2019-10451 was published for com.soasta.jenkins:cloudtest (Maven) May 24, 2022
Jenkins Sofy.AI Plugin stores API token in plain text Moderate
CVE-2019-10447 was published for io.jenkins.plugins:sofy-ai (Maven) May 24, 2022
Passwords stored in plain text by ElasTest Plugin Moderate
CVE-2020-2274 was published for org.jenkins-ci.plugins:elastest (Maven) May 24, 2022
NotMyFault
Jenkins View26 Test-Reporting Plugin stores access token in plain text Moderate
CVE-2019-10452 was published for org.jenkins-ci.plugins:view26 (Maven) May 24, 2022
Jenkins Caliper CI Plugin stores credentials in plain text Moderate
CVE-2019-10351 was published for com.brianfromoregon:caliper-ci (Maven) May 24, 2022
Jenkins Port Allocator Plugin stores credentials in plain text Moderate
CVE-2019-10350 was published for org.jenkins-ci.plugins:port-allocator (Maven) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database