Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

53 advisories

Loading
Openstack cinder Improper handling of ScaleIO backend credentials High
CVE-2020-10755 was published for cinder (pip) May 24, 2022
Apache Superset allowed for database connections password leak for authenticated users High
CVE-2021-41972 was published for apache-superset (pip) May 24, 2022
Ansible password prompts could expose passwords High
CVE-2019-10206 was published for ansible (pip) May 24, 2022
tdunlap607
Insufficiently Protected Credentials in Apache Superset High
CVE-2021-44451 was published for apache-superset (pip) Feb 2, 2022
Exposure of vSphere's CPI and CSI credentials in Rancher High
CVE-2022-45157 was published for github.com/rancher/rancher (Go) Oct 25, 2024
OpenRefine leaks Google API credentials in releases High
GHSA-3pg4-qwc8-426r was published for org.openrefine:openrefine (Maven) Oct 24, 2024
Insufficiently Protected Credentials in Requests High
CVE-2018-18074 was published for requests (pip) Oct 29, 2018
OAuth2 client ID and secret exposed through the web browser High
CVE-2024-9014 was published for pgadmin4 (pip) Sep 23, 2024
m3t3kh4n
OpenStack Identity Keystone and keystonemiddleware Insufficiently Protected Credentials High
CVE-2015-7546 was published for keystone (pip) May 13, 2022
OpenStack Keystone Credential Leakage High
CVE-2019-19687 was published for keystone (pip) May 24, 2022
django-nopassword stores secrets in cleartext High
CVE-2019-10682 was published for django-nopassword (pip) Jun 5, 2020
Ansible Exposes Sensitive Information High
CVE-2021-20228 was published for ansible (pip) May 25, 2022
Craft CMS discloses password hashes High
CVE-2022-37783 was published for craftcms/cms (Composer) Dec 5, 2022
apko Exposure of HTTP basic auth credentials in log output High
CVE-2024-36127 was published for chainguard.dev/apko (Go) Jun 4, 2024
kolloch
Apache Kylin has Insufficiently Protected Credentials High
CVE-2023-29055 was published for org.apache.kylin:kylin-core-common (Maven) Jan 29, 2024
Jenkins Artifactory Plugin stored old directly entered credentials unencrypted on disk High
CVE-2018-1000424 was published for org.jenkins-ci.plugins:artifactory (Maven) May 13, 2022
Jenkins SonarQube Scanner Plugin stored server authentication token in plain text High
CVE-2018-1000425 was published for org.jenkins-ci.plugins:sonar (Maven) May 13, 2022
Jenkins Kmap Plugin stores credentials in plain text High
CVE-2019-10294 was published for org.jenkins-ci.plugins:kmap-jenkins (Maven) May 13, 2022
Jenkins StarTeam Plugin stores credentials in plain text High
CVE-2019-10277 was published for hudson.plugins:starteam (Maven) May 13, 2022
Jenkins Assembla Auth Plugin stores credentials in plain text High
CVE-2019-10280 was published for org.jenkins-ci.plugins:assembla-auth (Maven) May 13, 2022
Jenkins Crowd 2 Integration Plugin stored credentials in plain text High
CVE-2018-1000423 was published for org.jenkins-ci.plugins:crowd2 (Maven) May 13, 2022
Tauri's Updater Private Keys Possibly Leaked via Vite Environment Variables High
CVE-2023-46115 was published for @tauri-apps/cli (npm) Oct 20, 2023
Jenkins Bitbucket OAuth Plugin contains Insufficiently Protected Credentials High
CVE-2019-10460 was published for org.jenkins-ci.plugins:bitbucket-oauth (Maven) May 24, 2022
Plaintext password storage in Jenkins InfluxDB Plugin High
CVE-2019-10329 was published for org.jenkins-ci.plugins:influxdb (Maven) May 24, 2022
westonsteimel
Opencast publishes global system account credentials High
CVE-2018-16153 was published for org.opencastproject:opencast-common (Maven) Dec 14, 2021
gregorydlogan lkiesow
smarquard
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database