Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

41 advisories

Loading
Elasticsearch stores private key on disk unencrypted Moderate
CVE-2024-23444 was published for org.elasticsearch:elasticsearch (Maven) Jul 31, 2024
Jenkins Active Directory Plugin vulnerable to Active Directory credential disclosure Moderate
CVE-2023-37943 was published for org.jenkins-ci.plugins:active-directory (Maven) Jul 12, 2023
Jenkins Ansible Plugin stores and displays secrets in plain text Moderate
CVE-2023-32982 was published for org.jenkins-ci.plugins:ansible (Maven) May 16, 2023
Passwords stored in plain text by Jenkins ReadyAPI Functional Testing Plugin Moderate
CVE-2020-2250 was published for org.jenkins-ci.plugins:soapui-pro-functional-testing (Maven) May 24, 2022
NotMyFault
Secret stored in plain text by Jenkins Parameterized Remote Trigger Plugin Low
CVE-2020-2239 was published for org.jenkins-ci.plugins:Parameterized-Remote-Trigger (Maven) May 24, 2022
NotMyFault
Credentials stored in plain text by Jenkins tfs Plugin Low
CVE-2020-2249 was published for org.jenkins-ci.plugins:tfs (Maven) May 24, 2022
NotMyFault
Cleartext Transmission of Sensitive Information in Jenkins Configuration as Code Plugin Moderate
CVE-2019-10363 was published for io.jenkins:configuration-as-code (Maven) May 24, 2022
OpenAPI Tools OpenAPI Generator uses HTTP in various files High
CVE-2019-11405 was published for org.openapitools:openapi-generator (Maven) May 24, 2022
Missing Encryption of Sensitive Data in Apache Guacamole High
CVE-2018-1340 was published for org.apache.guacamole:guacamole-common (Maven) May 13, 2022
Jenkins IRC Plugin stores credentials in plain text Low
CVE-2019-1003051 was published for org.jvnet.hudson.plugins:ircbot (Maven) May 13, 2022
Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials in plain text Low
CVE-2019-1003052 was published for org.jenkins-ci.plugins:aws-beanstalk-publisher-plugin (Maven) May 13, 2022
Jenkins OWASP ZAP Plugin stores unencrypted credentials Low
CVE-2019-1003060 was published for org.jenkins-ci.plugins:zap (Maven) May 13, 2022
Jenkins WebSphere Deployer Plugin stores credentials in plain text Moderate
CVE-2019-1003056 was published for org.jenkins-ci.plugins:websphere-deployer (Maven) May 13, 2022
Jenkins Bitbucket Approve Plugin stores credentials in plain text Low
CVE-2019-1003057 was published for org.jenkins-ci.plugins:bitbucket-approve (Maven) May 13, 2022
Jenkins HockeyApp Plugin stores credentials in plain text High
CVE-2019-1003053 was published for org.jenkins-ci.plugins:hockeyapp (Maven) May 13, 2022
Jenkins Aqua Security Scanner Plugin stores credentials in plain text Low
CVE-2019-1003069 was published for org.jenkins-ci.plugins:aqua-security-scanner (Maven) May 13, 2022
Jenkins Amazon SNS Build Notifier Plugin stores credentials in plain text Low
CVE-2019-1003063 was published for org.jenkins-ci.plugins:snsnotify (Maven) May 13, 2022
Jenkins VMware vRealize Automation Plugin Missing Encryption of Sensitive Data Moderate
CVE-2019-1003068 was published for com.inkysea.vmware.vra:vmware-vrealize-automation-plugin (Maven) May 13, 2022
Jenkins veracode-scanner Plugin stores credentials in plain text Low
CVE-2019-1003070 was published for org.jenkins-ci.plugins:veracode-scanner (Maven) May 13, 2022
Jenkins FTP publisher Plugin stores credentials in plain text Low
CVE-2019-1003055 was published for org.jvnet.hudson.plugins:ftppublisher (Maven) May 13, 2022
Jenkins aws-device-farm Plugin stores credentials in plain text Low
CVE-2019-1003064 was published for org.jenkins-ci.plugins:aws-device-farm (Maven) May 13, 2022
Jenkins Jira Issue Updater Plugin stores credentials in plain text Moderate
CVE-2019-1003054 was published for info.bluefloyd.jenkins:jenkins-jira-issue-updater (Maven) May 13, 2022
Jenkins Trac Publisher Plugin stores credentials in plain text Moderate
CVE-2019-1003067 was published for org.jenkins-ci.plugins:trac-publisher-plugin (Maven) May 13, 2022
Jenkins CloudFormation Plugin stores credentials in plain text Moderate
CVE-2019-1003061 was published for org.jenkins-ci.plugins:jenkins-cloudformation-plugin (Maven) May 13, 2022
Jenkins Bugzilla Plugin stores credentials in plain text Low
CVE-2019-1003066 was published for org.jvnet.hudson.plugins:bugzilla (Maven) May 13, 2022
ProTip! Advisories are also available from the GraphQL API