GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
448 advisories
Filter by severity
Jenkins Google Cloud Messaging Notification Plugin stores credentials in plain text
Moderate
CVE-2019-10379
was published
for
org.jenkins-ci.plugins:gcm-notification
(Maven)
May 24, 2022
Jenkins eggplant-plugin Plugin stores credentials in plain text
Moderate
CVE-2019-10385
was published
for
org.jenkins-ci.plugins:eggplant-plugin
(Maven)
May 24, 2022
Jenkins Rundeck Plugin stored credentials in plain text
Moderate
CVE-2019-16556
was published
for
org.jenkins-ci.plugins:rundeck
(Maven)
May 24, 2022
A default engineer password set on the Hozard alarm system (Alarmsysteem) v1.0 allows an attacker...
Moderate
Unreviewed
CVE-2023-50125
was published
Jan 11, 2024
In Network Element Manager in NOKIA NFM-T R19.9, an Unprotected Storage of Credentials...
Moderate
Unreviewed
CVE-2022-39820
was published
Dec 25, 2023
An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to...
Moderate
Unreviewed
CVE-2023-29447
was published
Jan 10, 2024
PFX Encryption Security Feature Bypass Vulnerability
Moderate
Unreviewed
CVE-2021-1731
was published
May 24, 2022
Azure Active Directory Information Disclosure Vulnerability
Moderate
Unreviewed
CVE-2021-42306
was published
Nov 25, 2021
Improper masking of credentials Jenkins in Git Plugin
Moderate
CVE-2022-38663
was published
for
org.jenkins-ci.plugins:git
(Maven)
Aug 24, 2022
Jenkins Code Dx Plugin stores API keys in plain text
Moderate
CVE-2023-2632
was published
for
org.jenkins-ci.plugins:codedx
(Maven)
May 16, 2023
Jenkins Code Dx Plugin displays API keys in plain text
Moderate
CVE-2023-2633
was published
for
org.jenkins-ci.plugins:codedx
(Maven)
May 16, 2023
Jenkins Pipeline: Groovy Plugin has Insufficiently Protected Credentials
Moderate
CVE-2022-25180
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
Feb 16, 2022
Jenkins Support Core Plugin stores sensitive data in plain text
Moderate
CVE-2022-25187
was published
for
org.jenkins-ci.plugins:support-core
(Maven)
Feb 16, 2022
Jenkins Credentials Binding Plugin has Insufficiently Protected Credentials
Moderate
CVE-2018-1000057
was published
for
org.jenkins-ci.plugins:credentials-binding
(Maven)
May 13, 2022
Improper credentials masking in Jenkins HashiCorp Vault Plugin
Moderate
CVE-2022-23109
was published
for
com.datapipe.jenkins.plugins:hashicorp-vault-plugin
(Maven)
Jan 13, 2022
Secrets are not masked by Jenkins Credentials Binding Plugin in builds without build steps
Moderate
CVE-2020-2181
was published
for
org.jenkins-ci.plugins:credentials-binding
(Maven)
May 24, 2022
IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text...
Moderate
Unreviewed
CVE-2023-47741
was published
Dec 18, 2023
Violation Comments to GitLab Plugin has Insufficiently Protected Credentials
Moderate
CVE-2019-10416
was published
for
org.jenkins-ci.plugins:violation-comments-to-gitlab
(Maven)
May 24, 2022
Jenkins Violation Comments to GitLab Plugin has Insufficiently Protected Credentials
Moderate
CVE-2019-10415
was published
for
org.jenkins-ci.plugins:violation-comments-to-gitlab
(Maven)
May 24, 2022
Redgate SQL Change Automation Plugin stored credentials in plain text
Moderate
CVE-2020-2095
was published
for
com.redgate.plugins.redgatesqlci:redgate-sql-ci
(Maven)
May 24, 2022
IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be...
Moderate
Unreviewed
CVE-2023-47722
was published
Dec 9, 2023
A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an...
Moderate
Unreviewed
CVE-2023-6791
was published
Dec 13, 2023
Password stored in a recoverable format by Jenkins OpenId Connect Authentication Plugin
Moderate
CVE-2023-50770
was published
for
org.jenkins-ci.plugins:oic-auth
(Maven)
Dec 13, 2023
Insufficiently Protected Credentials in Jenkins Pipeline SCM API for Blue Ocean Plugin
Moderate
CVE-2022-30952
was published
for
io.jenkins.blueocean:blueocean-pipeline-scm-api
(Maven)
May 18, 2022
Jenkins GitLab Logo Plugin stores credentials unencrypted
Moderate
CVE-2019-10429
was published
for
org.jenkins-ci.plugins:gitlab-logo
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API