Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

176 advisories

Loading
RabbitMQ password stored in plain text by Jenkins CollabNet Plugins Plugin Low
CVE-2022-38665 was published for org.jenkins-ci.plugins:collabnet (Maven) Aug 24, 2022
NotMyFault
Incorrect implementation of lockout feature in Keycloak High
CVE-2021-3513 was published for org.keycloak:keycloak-parent (Maven) Aug 23, 2022
Plaintext Storage of a Password in Jenkins Elasticsearch Query Plugin Low
CVE-2022-34807 was published for org.jenkins-ci.plugins:elasticsearch-query (Maven) Jul 1, 2022
NotMyFault
Plaintext Storage of a Password in Jenkins Skype notifier Plugin Low
CVE-2022-34805 was published for org.jenkins-ci.plugins:skype-notifier (Maven) Jul 1, 2022
NotMyFault
Jenkins OpsGenie Plugin Plaintext Storage of a Password vulnerability Moderate
CVE-2022-34803 was published for org.jenkins-ci.plugins:opsgenie (Maven) Jul 1, 2022
Plaintext Storage of a Password in Jenkins Jigomerge Plugin Low
CVE-2022-34806 was published for org.jenkins-ci.plugins:jigomerge (Maven) Jul 1, 2022
NotMyFault
Password stored in plain text by Jenkins RQM Plugin Low
CVE-2022-34809 was published for net.praqma:rqm-plugin (Maven) Jul 1, 2022
NotMyFault
Passwords stored in plain text by Jenkins hpe-network-virtualization plugin Low
CVE-2022-34816 was published for org.jenkins-ci.plugins:hpe-network-virtualization (Maven) Jul 1, 2022
NotMyFault
Token stored in plain text by Jenkins Cisco Spark Plugin Low
CVE-2022-34808 was published for org.jenkins-ci.plugins:cisco-spark (Maven) Jul 1, 2022
NotMyFault
Plaintext Storage of a Password in Jenkins Build Notifications Plugin Low
CVE-2022-34800 was published for tools.devnull:build-notifications (Maven) Jul 1, 2022
NotMyFault
Plaintext Storage of a Password in Jenkins Deployment Dashboard Plugin Low
CVE-2022-34799 was published for org.jenkins-ci.plugins:ec2-deployment-dashboard (Maven) Jul 1, 2022
NotMyFault
Plaintext Storage of a Password in Jenkins RocketChat Notifier Plugin Low
CVE-2022-34802 was published for org.jenkins-ci.plugins:rocketchatnotifier (Maven) Jul 1, 2022
NotMyFault
Jenkins Deployment Dashboard Plugin has Insufficiently Protected Credentials Moderate
CVE-2022-34796 was published for org.jenkins-ci.plugins:ec2-deployment-dashboard (Maven) Jul 1, 2022
Squash TM Publisher (Squash4Jenkins) Plugin stores passwords stored in plain text Low
CVE-2022-34213 was published for org.jenkins-ci.plugins:squashtm-publisher (Maven) Jun 24, 2022
westonsteimel NotMyFault
Plaintext Storage of a Password in Jenkins Convertigo Mobile Platform Plugin Moderate
CVE-2022-34199 was published for com.convertigo.jenkins.plugins:convertigo-mobile-platform (Maven) Jun 24, 2022
NotMyFault
Insufficiently Protected Credentials via Insecure Temporary File in org.apache.nifi:nifi-single-user-utils Moderate
CVE-2022-26850 was published for org.apache.nifi:nifi-single-user-utils (Maven) Jun 20, 2022
JLLeitschuh
Insufficiently Protected Credentials in PowerJob High
CVE-2020-28865 was published for com.github.kfcfans:powerjob (Maven) Jun 17, 2022
Jenkins GitLab Logo Plugin stores credentials unencrypted Moderate
CVE-2019-10429 was published for org.jenkins-ci.plugins:gitlab-logo (Maven) May 24, 2022
Jenkins Gem Publisher Plugin stores credentials as plaintext Moderate
CVE-2019-10426 was published for net.arangamani.jenkins:gem-publisher (Maven) May 24, 2022
Plaintext password storage in Jenkins InfluxDB Plugin High
CVE-2019-10329 was published for org.jenkins-ci.plugins:influxdb (Maven) May 24, 2022
westonsteimel
Password stored in plain text by Jenkins Nomad Plugin Moderate
CVE-2021-21681 was published for org.jenkins-ci.plugins:nomad (Maven) May 24, 2022
NotMyFault tdunlap607
Passwords stored in plain text by Jenkins Jabber (XMPP) notifier and control Plugin Moderate
CVE-2021-21634 was published for org.jvnet.hudson.plugins:jabber (Maven) May 24, 2022
NotMyFault
Credentials stored in plain text by Jenkins TraceTronic ECU-TEST Plugin Moderate
CVE-2021-21612 was published for de.tracetronic.jenkins.plugins:ecutest (Maven) May 24, 2022
NotMyFault
Credentials stored in plain text by Jenkins Bumblebee HP ALM Plugin Moderate
CVE-2021-21614 was published for org.jenkins-ci.plugins:bumblebee (Maven) May 24, 2022
NotMyFault
Passwords stored in plain text by Mail Commander Plugin for Jenkins-ci Plugin Moderate
CVE-2020-2318 was published for org.jenkins-ci.plugins:mailcommander (Maven) May 24, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database