GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
38 advisories
Filter by severity
make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command...
Low
Unreviewed
CVE-2007-5626
was published
May 1, 2022
Jenkins Aqua Security Serverless Scanner Plugin showed plain text password in job configuration form fields
Low
CVE-2019-10397
was published
for
org.jenkins-ci.plugins:aqua-serverless
(Maven)
May 24, 2022
Jenkins Inedo BuildMaster Plugin showed plain text password in configuration form
Low
CVE-2019-10411
was published
for
com.inedo.proget:inedo-proget
(Maven)
May 24, 2022
Jenkins Inedo ProGet Plugin Plugin has Cleartext Transmission of Sensitive Information
Low
CVE-2019-10412
was published
for
com.inedo.proget:inedo-proget
(Maven)
May 24, 2022
On EX4600, QFX5100 Series, NFX Series, QFX10K Series, QFX5110, QFX5200 Series, QFX5110, QFX5200,...
Low
Unreviewed
CVE-2019-0069
was published
May 24, 2022
Jenkins QMetry for JIRA Plugin shows plain text password in configuration form
Low
CVE-2019-16545
was published
for
org.jenkins-ci.plugins:qmetry-for-jira-test-management
(Maven)
May 24, 2022
Jenkins S3 Publisher Plugin transmits credentials in plain text during configuration
Low
CVE-2020-2114
was published
for
org.jenkins-ci.plugins:s3
(Maven)
May 24, 2022
Credentials transmitted in plain text by Jenkins Logstash Plugin
Low
CVE-2020-2143
was published
for
org.jenkins-ci.plugins:logstash
(Maven)
May 24, 2022
Credentials transmitted in plain text by Repository Connector Plugin
Low
CVE-2020-2149
was published
for
org.jenkins-ci.plugins:repository-connector
(Maven)
May 24, 2022
Jenkins Quality Gates Plugin transmits credentials in plain text during configuration
Low
CVE-2020-2151
was published
for
org.jenkins-ci.plugins:quality-gates
(Maven)
May 24, 2022
Jenkins Sonar Quality Gates Plugin transmits credentials in plain text during configuration
Low
CVE-2020-2150
was published
for
org.jenkins-ci.plugins:sonar-quality-gates
(Maven)
May 24, 2022
Credentials transmitted in plain text by Backlog Plugin
Low
CVE-2020-2153
was published
for
org.jenkins-ci.plugins:backlog
(Maven)
May 24, 2022
Credentials transmitted in plain text by OpenShift Deployer Plugin
Low
CVE-2020-2155
was published
for
org.jenkins-ci.plugins:openshift-deployer
(Maven)
May 24, 2022
Credentials transmitted in plain text by Jenkins DeployHub Plugin
Low
CVE-2020-2156
was published
for
com.openmake:deployhub
(Maven)
May 24, 2022
Credentials transmitted in plain text by Skytap Cloud CI Plugin
Low
CVE-2020-2157
was published
for
org.jenkins-ci.plugins:skytap
(Maven)
May 24, 2022
Passwords transmitted in plain text by Jenkins Artifactory Plugin
Low
CVE-2020-2165
was published
for
org.jenkins-ci.plugins:artifactory
(Maven)
May 24, 2022
The Configuration pages in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon...
Low
Unreviewed
CVE-2019-19107
was published
May 24, 2022
Passwords transmitted in plain text by Jenkins Stash Branch Parameter Plugin
Low
CVE-2020-2210
was published
for
org.jenkins-ci.plugins:StashBranchParameter
(Maven)
May 24, 2022
Jenkins Email Extension Plugin SMTP password transmitted and displayed in plain text
Low
CVE-2020-2232
was published
for
org.jenkins-ci.plugins:email-ext
(Maven)
May 24, 2022
GAEN (aka Google/Apple Exposure Notifications) through 2021-04-27 on Android allows attackers to...
Low
Unreviewed
CVE-2021-31815
was published
May 24, 2022
BIOTRONIK CardioMessenger II, The affected products transmit credentials in clear-text prior to...
Low
Unreviewed
CVE-2019-18248
was published
May 24, 2022
Cleartext Storage of Sensitive Information in Jenkins Build Notifications Plugin
Low
CVE-2022-34801
was published
for
tools.devnull:build-notifications
(Maven)
Jul 1, 2022
Exposure of Sensitive Information in Samsung Dialer application?prior to SMR Aug-2022 Release 1...
Low
Unreviewed
CVE-2022-33724
was published
Aug 6, 2022
HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session...
Low
Unreviewed
CVE-2021-42948
was published
Sep 17, 2022
On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7,...
Low
Unreviewed
CVE-2022-41983
was published
Oct 20, 2022
ProTip!
Advisories are also available from the
GraphQL API