GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
227 advisories
Filter by severity
Exposure of vSphere's CPI and CSI credentials in Rancher
High
CVE-2022-45157
was published
for
github.com/rancher/rancher
(Go)
Oct 25, 2024
OpenRefine leaks Google API credentials in releases
High
GHSA-3pg4-qwc8-426r
was published
for
org.openrefine:openrefine
(Maven)
Oct 24, 2024
OpenC3 stores passwords in clear text (`GHSL-2024-129`)
Moderate
CVE-2024-47529
was published
for
@openc3/tool-common
(RubyGems)
Oct 2, 2024
Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission
Moderate
CVE-2024-47805
was published
for
org.jenkins-ci.plugins:credentials
(Maven)
Oct 2, 2024
OAuth2 client ID and secret exposed through the web browser
High
CVE-2024-9014
was published
for
pgadmin4
(pip)
Sep 23, 2024
Grafana plugin SDK Information Leakage
Critical
CVE-2024-8986
was published
for
github.com/grafana/grafana-plugin-sdk-go
(Go)
Sep 19, 2024
Apereo CAS vulnerable to credential leaks for LDAP authentication
Moderate
CVE-2023-28857
was published
for
org.apereo.cas:cas-server-support-x509-core
(Maven)
Aug 5, 2024
Docker CLI leaks private registry credentials to registry-1.docker.io
Moderate
CVE-2021-41092
was published
for
github.com/docker/cli
(Go)
Jun 10, 2024
Password hash exposed in CraftCMS two factor authentication plugin
Low
CVE-2024-5657
was published
for
born05/craft-twofactorauthentication
(Composer)
Jun 6, 2024
apko Exposure of HTTP basic auth credentials in log output
High
CVE-2024-36127
was published
for
chainguard.dev/apko
(Go)
Jun 4, 2024
SimpleSAMLphp exposes credentials in session storage
Moderate
GHSA-7wh8-jrq7-p27f
was published
for
simplesamlphp/simplesamlphp
(Composer)
May 28, 2024
Trivy possibly leaks registry credential when scanning images from malicious registries
Moderate
CVE-2024-35192
was published
for
github.com/aquasecurity/trivy
(Go)
May 20, 2024
Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
Moderate
CVE-2022-31130
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Jenkins Telegram Bot Plugin stores the Telegram Bot token in plaintext
Low
CVE-2024-34147
was published
for
org.jenkins-ci.plugins:telegrambot
(Maven)
May 2, 2024
Azure Identity Library for .NET Information Disclosure Vulnerability
Moderate
CVE-2024-29992
was published
for
Azure.Identity
(NuGet)
Apr 9, 2024
Apache Solr can leak certain passwords due to System Property redaction logic inconsistencies
Moderate
CVE-2023-50291
was published
for
org.apache.solr:solr-core
(Maven)
Feb 9, 2024
Allegro AI ClearML Stores Credentials in Plaintext in MongoDB Instance
Moderate
CVE-2024-24595
was published
for
clearml
(pip)
Feb 6, 2024
Apache Kylin has Insufficiently Protected Credentials
High
CVE-2023-29055
was published
for
org.apache.kylin:kylin-core-common
(Maven)
Jan 29, 2024
Password stored in a recoverable format by Jenkins OpenId Connect Authentication Plugin
Moderate
CVE-2023-50770
was published
for
org.jenkins-ci.plugins:oic-auth
(Maven)
Dec 13, 2023
Data leak of password hash through change requests
High
CVE-2023-49280
was published
for
org.xwiki.contrib.changerequest:application-changerequest-default
(Maven)
Dec 5, 2023
Jenkins Jira Plugin vulnerable to exposure of system-scoped credentials
Moderate
CVE-2023-49653
was published
for
org.jenkins-ci.plugins:jira
(Maven)
Nov 29, 2023
Jenkins Warnings Plugin exposures system-scoped credentials
Moderate
CVE-2023-46651
was published
for
io.jenkins.plugins:warnings-ng
(Maven)
Oct 25, 2023
Tauri's Updater Private Keys Possibly Leaked via Vite Environment Variables
High
CVE-2023-46115
was published
for
@tauri-apps/cli
(npm)
Oct 20, 2023
OpenStack Barbican credential leak flaw
Moderate
CVE-2023-1633
was published
for
barbican
(pip)
Sep 24, 2023
Jenkins Delphix Plugin vulnerable to exposure of system-scoped credentials
Moderate
CVE-2023-40345
was published
for
org.jenkins-ci.plugins:delphix
(Maven)
Aug 16, 2023
ProTip!
Advisories are also available from the
GraphQL API