GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
19 advisories
Filter by severity
Snowflake JDBC Security Advisory
Moderate
CVE-2024-43382
was published
for
net.snowflake:snowflake-jdbc
(Maven)
Oct 30, 2024
Elasticsearch stores private key on disk unencrypted
Moderate
CVE-2024-23444
was published
for
org.elasticsearch:elasticsearch
(Maven)
Jul 31, 2024
Jenkins Active Directory Plugin vulnerable to Active Directory credential disclosure
Moderate
CVE-2023-37943
was published
for
org.jenkins-ci.plugins:active-directory
(Maven)
Jul 12, 2023
Jenkins Ansible Plugin stores and displays secrets in plain text
Moderate
CVE-2023-32982
was published
for
org.jenkins-ci.plugins:ansible
(Maven)
May 16, 2023
Passwords stored in plain text by Jenkins ReadyAPI Functional Testing Plugin
Moderate
CVE-2020-2250
was published
for
org.jenkins-ci.plugins:soapui-pro-functional-testing
(Maven)
May 24, 2022
Cleartext Transmission of Sensitive Information in Jenkins Configuration as Code Plugin
Moderate
CVE-2019-10363
was published
for
io.jenkins:configuration-as-code
(Maven)
May 24, 2022
Jenkins WebSphere Deployer Plugin stores credentials in plain text
Moderate
CVE-2019-1003056
was published
for
org.jenkins-ci.plugins:websphere-deployer
(Maven)
May 13, 2022
Jenkins CloudFormation Plugin stores credentials in plain text
Moderate
CVE-2019-1003061
was published
for
org.jenkins-ci.plugins:jenkins-cloudformation-plugin
(Maven)
May 13, 2022
Jenkins Trac Publisher Plugin stores credentials in plain text
Moderate
CVE-2019-1003067
was published
for
org.jenkins-ci.plugins:trac-publisher-plugin
(Maven)
May 13, 2022
Jenkins Jira Issue Updater Plugin stores credentials in plain text
Moderate
CVE-2019-1003054
was published
for
info.bluefloyd.jenkins:jenkins-jira-issue-updater
(Maven)
May 13, 2022
Jenkins VMware vRealize Automation Plugin Missing Encryption of Sensitive Data
Moderate
CVE-2019-1003068
was published
for
com.inkysea.vmware.vra:vmware-vrealize-automation-plugin
(Maven)
May 13, 2022
Jenkins Upload to pgyer Plugin stores credentials in plain text
Moderate
CVE-2019-1003089
was published
for
ren.helloworld:upload-pgyer
(Maven)
May 13, 2022
Jenkins wildFly Deployer Plugin stores credentials in plain text
Moderate
CVE-2019-1003072
was published
for
org.jenkins-ci.plugins:wildfly-deployer
(Maven)
May 13, 2022
Jenkins Fabric-beta-publisher Plugin stores credentials in plain text
Moderate
CVE-2019-1003088
was published
for
egor-n:fabric-beta-publisher
(Maven)
May 13, 2022
Jenkins Perfecto Mobile Plugin stores credentials in plain text
Moderate
CVE-2019-1003095
was published
for
org.jenkins-ci.plugins:perfectomobile
(Maven)
May 13, 2022
Jenkins Open STF Plugin stores credentials in plain text
Moderate
CVE-2019-1003094
was published
for
org.jenkins-ci.plugins:open-stf
(Maven)
May 13, 2022
Jenkins VS Team Services Continuous Deployment Plugin stores credentials in plain text
Moderate
CVE-2019-1003073
was published
for
org.jenkins-ci.plugins:vsts-cd
(Maven)
May 13, 2022
Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows decrypting secrets
Moderate
CVE-2022-23116
was published
for
org.conjur.jenkins:conjur-credentials
(Maven)
Jan 13, 2022
Missing Encryption of Sensitive Data in arrow-kt Arrow
Moderate
CVE-2019-11404
was published
for
io.arrow-kt:arrow-ank-gradle
(Maven)
Apr 22, 2019
ProTip!
Advisories are also available from the
GraphQL API