GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
53 advisories
Filter by severity
Information disclosure through error object in auth0.js
High
CVE-2020-5263
was published
for
auth0-js
(npm)
Apr 10, 2020
In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin.
High
CVE-2021-45457
was published
for
org.apache.kylin:kylin
(Maven)
Jan 8, 2022
AWS CodeDeploy Plugin stored AWS Secret Key in plain text
High
CVE-2018-1000403
was published
for
com.amazonaws:codedeploy
(Maven)
May 13, 2022
Insufficiently Protected Credentials in PowerJob
High
CVE-2020-28865
was published
for
com.github.kfcfans:powerjob
(Maven)
Jun 17, 2022
Insufficiently Protected Credentials and Improper Authentication in Spring Security
High
CVE-2019-11272
was published
for
org.springframework.security:spring-security-cas
(Maven)
Jun 27, 2019
Incorrect implementation of lockout feature in Keycloak
High
CVE-2021-3513
was published
for
org.keycloak:keycloak-parent
(Maven)
Aug 23, 2022
Apache Dolphin Scheduler has insufficiently protected credentials
High
CVE-2022-26885
was published
for
org.apache.dolphinscheduler:dolphinscheduler-common
(Maven)
Nov 24, 2022
Exposure of repository credentials to external third-party sources in Rancher
High
CVE-2021-36778
was published
for
github.com/rancher/rancher
(Go)
May 2, 2022
Jenkins Configuration as Code Plugin has Insufficiently Protected Credentials
High
CVE-2018-1000610
was published
for
io.jenkins:configuration-as-code
(Maven)
May 13, 2022
Jenkins AWS CodePipeline Plugin has Insufficiently Protected Credentials
High
CVE-2018-1000401
was published
for
com.amazonaws:aws-codepipeline
(Maven)
May 13, 2022
Insufficiently Protected Credentials in Jenkins AWS CodeBuild Plugin
High
CVE-2018-1000404
was published
for
com.amazonaws:aws-codebuild
(Maven)
May 13, 2022
Jenkins Build-Publisher plugin has Insufficiently Protected Credentials
High
CVE-2017-1000387
was published
for
org.jenkins-ci.plugins:build-publisher
(Maven)
May 13, 2022
Jenkins Dynatrace Plugin vulnerable to Insufficiently Protected Credentials
High
CVE-2019-10461
was published
for
org.jenkins-ci.plugins:dynatrace-dashboard
(Maven)
May 24, 2022
Insufficiently Protected Credentials in Pivotal Reactor Netty
High
CVE-2019-11284
was published
for
io.projectreactor.netty:reactor-netty
(Maven)
Oct 23, 2019
Insufficiently Protected Credentials in Apache Tomcat
High
CVE-2019-12418
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Dec 26, 2019
Insufficient Nonce Validation in Eclipse Milo Client
High
CVE-2019-19135
was published
for
org.eclipse.milo:sdk-client
(Maven)
Mar 16, 2020
Private key leak in Apache CXF
High
CVE-2019-12423
was published
for
org.apache.cxf:apache-cxf
(Maven)
May 22, 2020
Improper permission handling in Apache Solr
High
CVE-2021-29262
was published
for
org.apache.solr:solr-core
(Maven)
May 10, 2021
Basic-auth app bundle credential exposure in gatsby-source-wordpress
High
CVE-2021-32770
was published
for
gatsby-source-wordpress
(npm)
Jul 19, 2021
Jenkins Zulip Plugin vulnerable to Insufficiently Protected Credentials
High
CVE-2019-10476
was published
for
org.jenkins-ci.plugins:zulip
(Maven)
May 24, 2022
Containous Traefik Exposes Password Hashes
High
CVE-2019-12452
was published
for
github.com/traefik/traefik
(Go)
May 24, 2022
Password exposure in ShenYu
High
CVE-2022-23223
was published
for
org.apache.shenyu:shenyu-common
(Maven)
Jan 28, 2022
Cleartext Storage of Sensitive Information in Jenkins Extensive Testing Plugin
High
CVE-2019-10448
was published
for
jenkins.xtc:extensivetesting
(Maven)
May 24, 2022
Weave GitOps Terraform Controller Information Disclosure Vulnerability
High
CVE-2023-34236
was published
for
github.com/weaveworks/tf-controller
(Go)
Jul 14, 2023
ProTip!
Advisories are also available from the
GraphQL API