GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
43 advisories
Filter by severity
nsufficiently Protected Credentials in ActiveMQ Artemis
Moderate
CVE-2020-10727
was published
for
org.apache.activemq:artemis-commons
(Maven)
May 24, 2022
Shopware contains sensitive data in backend customer module
Moderate
CVE-2022-36101
was published
for
shopware/shopware
(Composer)
Sep 16, 2022
Unencrypted storage of client side sessions
Moderate
CVE-2021-29481
was published
for
io.ratpack:ratpack-session
(Maven)
Jul 1, 2021
Instance config inline secret exposure in Grafana
Moderate
CVE-2021-41090
was published
for
github.com/grafana/agent
(Go)
Dec 8, 2021
Passwords stored in plain text by Jenkins view-cloner Plugin
Moderate
CVE-2023-24450
was published
for
org.jenkins-ci.plugins:view-cloner
(Maven)
Jan 26, 2023
Plaintext storage of Access Token in Jenkins GitHub Pull Request Coverage Status Plugin
Moderate
CVE-2023-24442
was published
for
org.jenkins-ci.plugins:github-pr-coverage-status
(Maven)
Jan 26, 2023
Plaintext Storage of a Password in Jenkins JIRA Pipeline Steps Plugin
Moderate
CVE-2023-24439
was published
for
org.jenkins-ci.plugins:jira-steps
(Maven)
Jan 26, 2023
Plaintext Storage of a Password in Jenkins TestQuality Updater Plugin
Moderate
CVE-2023-24454
was published
for
org.jenkins-ci.plugins:testquality-updater
(Maven)
Jan 26, 2023
Apache Linkis vulnerable to Exposure of Sensitive Information
Moderate
CVE-2022-44644
was published
for
org.apache.linkis:linkis
(Maven)
Jan 31, 2023
Jenkins Consul KV Builder Plugin stores HashiCorp Consul ACL Token unencrypted
Moderate
CVE-2023-30530
was published
for
org.jenkins-ci.plugins:consul-kv-builder
(Maven)
Apr 12, 2023
Jenkins Consul KV Builder Plugin stores HashiCorp Consul ACL Token unencrypted
Moderate
CVE-2023-30531
was published
for
org.jenkins-ci.plugins:consul-kv-builder
(Maven)
Apr 12, 2023
Jenkins Report Portal Plugin allows users with Item/Extended Read permission to view tokens on Jenkins controller
Moderate
CVE-2023-30523
was published
for
org.jenkins-ci.plugins:reportportal
(Maven)
Apr 12, 2023
Plaintext storage of password after a reset in org.xwiki.platform:xwiki-platform-security-authentication-default
Moderate
CVE-2022-41933
was published
for
org.xwiki.platform:xwiki-platform-security-authentication-default
(Maven)
Nov 21, 2022
Centreon Sensitive Data Exposure
Moderate
CVE-2019-17106
was published
for
centreon/centreon
(Composer)
May 24, 2022
Jenkins Port Allocator Plugin stores credentials in plain text
Moderate
CVE-2019-10350
was published
for
org.jenkins-ci.plugins:port-allocator
(Maven)
May 24, 2022
Jenkins Caliper CI Plugin stores credentials in plain text
Moderate
CVE-2019-10351
was published
for
com.brianfromoregon:caliper-ci
(Maven)
May 24, 2022
Jenkins View26 Test-Reporting Plugin stores access token in plain text
Moderate
CVE-2019-10452
was published
for
org.jenkins-ci.plugins:view26
(Maven)
May 24, 2022
Passwords stored in plain text by ElasTest Plugin
Moderate
CVE-2020-2274
was published
for
org.jenkins-ci.plugins:elastest
(Maven)
May 24, 2022
Jenkins Sofy.AI Plugin stores API token in plain text
Moderate
CVE-2019-10447
was published
for
io.jenkins.plugins:sofy-ai
(Maven)
May 24, 2022
Jenkins SOASTA CloudTest Plugin stores API token in plain text
Moderate
CVE-2019-10451
was published
for
com.soasta.jenkins:cloudtest
(Maven)
May 24, 2022
Lightbend Alpakka Kafka logs credentials on debug level
Moderate
CVE-2023-29471
was published
for
com.typesafe.akka:akka-stream-kafka
(Maven)
Apr 27, 2023
Apache James MIME4J vulnerable to information disclosure to local users
Moderate
CVE-2022-45787
was published
for
org.apache.james:apache-mime4j-storage
(Maven)
Jan 6, 2023
Cleartext Storage of Sensitive Information in HMAC SHA256 Authentication
Moderate
CVE-2023-48707
was published
for
codeigniter4/shield
(Composer)
Nov 23, 2023
Jenkins Gogs Plugin stored credentials in plain text
Moderate
CVE-2019-10348
was published
for
org.jenkins-ci.plugins:gogs-webhook
(Maven)
May 24, 2022
Credentials stored in plain text by Jenkins Copr Plugin
Moderate
CVE-2020-2177
was published
for
org.fedoraproject.jenkins.plugins:copr
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API