GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
34 advisories
Filter by severity
"catalog's registry v2 api exposed on unauthenticated path in Harbor"
Moderate
CVE-2020-29662
was published
for
github.com/goharbor/harbor
(Go)
Feb 12, 2022
Cleartext Transmission of Sensitive Information in moment-timezone
Moderate
GHSA-v78c-4p63-2j6c
was published
for
moment-timezone
(npm)
Aug 30, 2022
Insertion of Sensitive Information into Log File in Jenkins Mask Passwords Plugin
Moderate
CVE-2019-10370
was published
for
org.jenkins-ci.plugins:mask-passwords
(Maven)
May 24, 2022
Pyload contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Moderate
CVE-2023-0055
was published
for
pyload-ng
(pip)
Jan 5, 2023
Information Disclosure via Export Module
Moderate
CVE-2022-31046
was published
for
typo3/cms
(Composer)
Jun 17, 2022
Jenkins Gitea Plugin vulnerable to Cleartext Transmission of Sensitive Information
Moderate
CVE-2022-46685
was published
for
org.jenkins-ci.plugins:gitea
(Maven)
Dec 12, 2022
Concrete CMS vulnerable to Cleartext Transmission of Sensitive Information
Moderate
CVE-2022-43691
was published
for
concrete5/concrete5
(Composer)
Nov 15, 2022
Remote Code Execution and download tracking in Mintegral SDK
Moderate
CVE-2020-7744
was published
for
com.mintegral.msdk:alphab
(Maven)
Apr 22, 2021
Source code is downloaded over cleartext HTTP in portaudio
Moderate
CVE-2016-10933
was published
for
portaudio
(Rust)
Aug 25, 2021
Cleartext Transmission of Sensitive Information in Jenkins JIRA Pipeline Steps Plugin
Moderate
CVE-2023-24440
was published
for
org.jenkins-ci.plugins:jira-steps
(Maven)
Jan 26, 2023
Insecure transport protocol in Gradle
Moderate
CVE-2019-11065
was published
for
org.gradle:gradle-core
(Maven)
May 13, 2022
Jenkins Azure Key Vault Plugin does not properly mask credentials
Moderate
CVE-2023-30514
was published
for
org.jenkins-ci.plugins:azure-keyvault
(Maven)
Apr 12, 2023
Jenkins Kubernetes Plugin does not properly mask credentials
Moderate
CVE-2023-30513
was published
for
org.csanchez.jenkins.plugins:kubernetes
(Maven)
Apr 12, 2023
Jenkins Thycotic DevOps Secrets Vault Plugin does not properly mask credentials
Moderate
CVE-2023-30515
was published
for
io.jenkins.plugins:thycotic-devops-secrets-vault
(Maven)
Apr 12, 2023
usememos/memos missing Secure cookie attribute
Moderate
CVE-2022-4683
was published
for
github.com/usememos/memos
(Go)
Dec 23, 2022
Apache James server allows an attacker with local access to access private user data in transit
Moderate
CVE-2022-45935
was published
for
org.apache.james:james-server
(Maven)
Jan 6, 2023
Kibana Sensitive Data Disclosure
Moderate
CVE-2021-37939
was published
for
kibana
(npm)
May 24, 2022
Passwords transmitted in plain text by Jenkins ReadyAPI Functional Testing Plugin
Moderate
CVE-2020-2251
was published
for
org.jenkins-ci.plugins:soapui-pro-functional-testing
(Maven)
May 24, 2022
Jenkins OpsGenie Plugin vulnerable to Cleartext Transmission of Sensitive Information
Moderate
CVE-2022-34804
was published
for
org.jenkins-ci.plugins:opsgenie
(Maven)
Jul 1, 2022
Ironic and ironic-inspector may expose as ConfigMaps
Moderate
CVE-2023-30841
was published
for
github.com/metal3-io/baremetal-operator
(Go)
Apr 26, 2023
html inputs of type password recorded in plaintext when converted to text inputs
Moderate
CVE-2023-33187
was published
for
highlight.run
(npm)
May 26, 2023
Cleartext Transmission of Sensitive Information in Jenkins Configuration as Code Plugin
Moderate
CVE-2019-10363
was published
for
io.jenkins:configuration-as-code
(Maven)
May 24, 2022
Missing permission checks in Jenkins P4 Plugin
Moderate
CVE-2020-2142
was published
for
org.jenkins-ci.plugins:p4
(Maven)
May 24, 2022
Cleartext Transmission of Sensitive Information in Apache CXF
Moderate
CVE-2014-0035
was published
for
org.apache.cxf:cxf-core
(Maven)
May 13, 2022
User passwords transmitted in plain text by Jenkins Active Directory Plugin
Moderate
CVE-2022-23105
was published
for
org.jenkins-ci.plugins:active-directory
(Maven)
Jan 13, 2022
ProTip!
Advisories are also available from the
GraphQL API