GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
224 advisories
Pimcore customers' list user password hash is disclosed
Severity: Moderate. CVE-2023-2881 was published for pimcore/customer-management-framework-bundle (Composer) on May 25, 2023.

Hazelcast vulnerable to unmasked password exposure
Severity: Moderate. CVE-2023-33264 was published for com.hazelcast:hazelcast (Maven) on May 22, 2023.

Jenkins NS-ND Integration Performance Publisher Plugin displays credentials without masking
Severity: Low. CVE-2023-33000 was published for io.jenkins.plugins:cavisson-ns-nd-integration (Maven) on May 16, 2023.

Jenkins Code Dx Plugin stores API keys in plain text
Severity: Moderate. CVE-2023-2632 was published for org.jenkins-ci.plugins:codedx (Maven) on May 16, 2023.

Jenkins Code Dx Plugin displays API keys in plain text
Severity: Moderate. CVE-2023-2633 was published for org.jenkins-ci.plugins:codedx (Maven) on May 16, 2023.

PostgresNIO processes unencrypted bytes from man-in-the-middle
Severity: Low. CVE-2023-31136 was published for github.com/vapor/postgres-nio (Swift) on May 10, 2023.

Potential leak of authentication data to 3rd parties
Severity: Critical. CVE-2023-30846 was published for typed-rest-client (npm) on Apr 27, 2023.

scs-library-client may leak user credentials to third-party service via HTTP redirect
Severity: Moderate. CVE-2022-23538 was published for github.com/sylabs/scs-library-client (Go) on Jan 20, 2023.

Craft CMS discloses password hashes
Severity: High. CVE-2022-37783 was published for craftcms/cms (Composer) on Dec 5, 2022.

Apache Dolphin Scheduler has insufficiently protected credentials
Severity: High. CVE-2022-26885 was published for org.apache.dolphinscheduler:dolphinscheduler-common (Maven) on Nov 24, 2022.

Plaintext storage of password after a reset in org.xwiki.platform:xwiki-platform-security-authentication-default
Severity: Moderate. CVE-2022-41933 was published for org.xwiki.platform:xwiki-platform-security-authentication-default (Maven) on Nov 21, 2022.

Jenkins Reverse Proxy Auth Plugin vulnerable due to plaintext storage of passwords
Severity: Moderate. CVE-2022-45384 was published for org.jenkins-ci.main:reverse-proxy-auth-plugin (Maven) on Nov 16, 2022.

Plaintext Storage of a Password in Jenkins NS-ND Integration Performance Publisher Plugin
Severity: Moderate. CVE-2022-45392 was published for io.jenkins.plugins:cavisson-ns-nd-integration (Maven) on Nov 16, 2022.

Exfiltration of hashed SMB credentials on Windows via file:// redirect
Severity: Moderate. CVE-2022-36077 was published for electron (npm) on Nov 10, 2022.

Plaintext storage of tokens in pulp_ansible
Severity: Moderate. CVE-2022-3644 was published for pulp-ansible (pip) on Oct 25, 2022.

API keys stored in plain text by Jenkins Katalon Plugin
Severity: Moderate. CVE-2022-43419 was published for org.jenkins-ci.plugins:katalon (Maven) on Oct 19, 2022.

Jenkins BigPanda Notifier Plugin stores BigPanda API key unencrypted
Severity: Low. CVE-2022-41247 was published for org.jenkins-ci.plugins:bigpanda-jenkins (Maven) on Sep 22, 2022.

API token stored in plain text by Jenkins CONS3RT Plugin
Severity: Low. CVE-2022-41255 was published for org.jenkins-ci.plugins:cons3rt (Maven) on Sep 22, 2022.

python-oslo-utils has improper password parsing
Severity: Moderate. CVE-2022-0718 was published for oslo-utils (pip) on Aug 29, 2022.

RabbitMQ password stored in plain text by Jenkins CollabNet Plugins Plugin
Severity: Low. CVE-2022-38665 was published for org.jenkins-ci.plugins:collabnet (Maven) on Aug 24, 2022.

Improper masking of credentials Jenkins in Git Plugin
Severity: Moderate. CVE-2022-38663 was published for org.jenkins-ci.plugins:git (Maven) on Aug 24, 2022.

Incorrect implementation of lockout feature in Keycloak
Severity: High. CVE-2021-3513 was published for org.keycloak:keycloak-parent (Maven) on Aug 23, 2022.

rpc.py vulnerable to Deserialization of Untrusted Data
Severity: Critical. CVE-2022-35411 was published for rpc.py (pip) on Jul 9, 2022.

Token stored in plain text by Jenkins Cisco Spark Plugin
Severity: Low. CVE-2022-34808 was published for org.jenkins-ci.plugins:cisco-spark (Maven) on Jul 1, 2022.

Jenkins OpsGenie Plugin Plaintext Storage of a Password vulnerability
Severity: Moderate. CVE-2022-34803 was published for org.jenkins-ci.plugins:opsgenie (Maven) on Jul 1, 2022.