GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
92 advisories
Filter by severity
There is an insufficient authentication vulnerability in some Huawei smart phone. An...
Low
Unreviewed
CVE-2020-9250
was published
Dec 20, 2024
A security vulnerability in HPE IceWall products could be exploited remotely to cause...
Low
Unreviewed
CVE-2024-11856
was published
Dec 2, 2024
HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header. This...
Low
Unreviewed
CVE-2024-30119
was published
Jun 15, 2024
Password hash exposed in CraftCMS two factor authentication plugin
Low
CVE-2024-5657
was published
for
born05/craft-twofactorauthentication
(Composer)
Jun 6, 2024
Jenkins Telegram Bot Plugin stores the Telegram Bot token in plaintext
Low
CVE-2024-34147
was published
for
org.jenkins-ci.plugins:telegrambot
(Maven)
May 2, 2024
Sensitive information disclosure due to insufficient token field masking. The following products...
Low
Unreviewed
CVE-2023-44158
was published
Sep 27, 2023
Jenkins NS-ND Integration Performance Publisher Plugin displays credentials without masking
Low
CVE-2023-33000
was published
for
io.jenkins.plugins:cavisson-ns-nd-integration
(Maven)
May 16, 2023
PostgresNIO processes unencrypted bytes from man-in-the-middle
Low
CVE-2023-31136
was published
for
github.com/vapor/postgres-nio
(Swift)
May 10, 2023
Jenkins BigPanda Notifier Plugin stores BigPanda API key unencrypted
Low
CVE-2022-41247
was published
for
org.jenkins-ci.plugins:bigpanda-jenkins
(Maven)
Sep 22, 2022
API token stored in plain text by Jenkins CONS3RT Plugin
Low
CVE-2022-41255
was published
for
org.jenkins-ci.plugins:cons3rt
(Maven)
Sep 22, 2022
RabbitMQ password stored in plain text by Jenkins CollabNet Plugins Plugin
Low
CVE-2022-38665
was published
for
org.jenkins-ci.plugins:collabnet
(Maven)
Aug 24, 2022
Plaintext Storage of a Password in Jenkins Elasticsearch Query Plugin
Low
CVE-2022-34807
was published
for
org.jenkins-ci.plugins:elasticsearch-query
(Maven)
Jul 1, 2022
Plaintext Storage of a Password in Jenkins Skype notifier Plugin
Low
CVE-2022-34805
was published
for
org.jenkins-ci.plugins:skype-notifier
(Maven)
Jul 1, 2022
Password stored in plain text by Jenkins RQM Plugin
Low
CVE-2022-34809
was published
for
net.praqma:rqm-plugin
(Maven)
Jul 1, 2022
Passwords stored in plain text by Jenkins hpe-network-virtualization plugin
Low
CVE-2022-34816
was published
for
org.jenkins-ci.plugins:hpe-network-virtualization
(Maven)
Jul 1, 2022
Token stored in plain text by Jenkins Cisco Spark Plugin
Low
CVE-2022-34808
was published
for
org.jenkins-ci.plugins:cisco-spark
(Maven)
Jul 1, 2022
Plaintext Storage of a Password in Jenkins Jigomerge Plugin
Low
CVE-2022-34806
was published
for
org.jenkins-ci.plugins:jigomerge
(Maven)
Jul 1, 2022
Plaintext Storage of a Password in Jenkins Build Notifications Plugin
Low
CVE-2022-34800
was published
for
tools.devnull:build-notifications
(Maven)
Jul 1, 2022
Plaintext Storage of a Password in Jenkins RocketChat Notifier Plugin
Low
CVE-2022-34802
was published
for
org.jenkins-ci.plugins:rocketchatnotifier
(Maven)
Jul 1, 2022
Plaintext Storage of a Password in Jenkins Deployment Dashboard Plugin
Low
CVE-2022-34799
was published
for
org.jenkins-ci.plugins:ec2-deployment-dashboard
(Maven)
Jul 1, 2022
Squash TM Publisher (Squash4Jenkins) Plugin stores passwords stored in plain text
Low
CVE-2022-34213
was published
for
org.jenkins-ci.plugins:squashtm-publisher
(Maven)
Jun 24, 2022
Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in...
Low
Unreviewed
CVE-2020-7299
was published
May 24, 2022
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores user credentials in plain in...
Low
Unreviewed
CVE-2019-4307
was published
May 24, 2022
An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions...
Low
Unreviewed
CVE-2021-36170
was published
May 24, 2022
Password stored in plain text by Jenkins VMware Lab Manager Slaves Plugin
Low
CVE-2020-2319
was published
for
org.jenkins-ci.plugins:labmanager
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API