GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
87 advisories
Private key stored in plain text by Jenkins Google Compute Engine Plugin
Moderate | CVE-2022-29052 was published for org.jenkins-ci.plugins:google-compute-engine (Maven) | Apr 13, 2022
Plaintext Storage of a Password in Jenkins Eagle Tester Plugin
Moderate | CVE-2020-2129 was published for com.mobileenerlytics.eagle.tester:eagle-tester (Maven) | May 24, 2022
Insufficiently Protected Credentials in ActiveMQ Artemis
Moderate | CVE-2020-10727 was published for org.apache.activemq:artemis-commons (Maven) | May 24, 2022
Fortify Plugin stored credentials in plain text
Moderate | CVE-2020-2107 was published for org.jenkins-ci.plugins:fortify (Maven) | May 24, 2022
Password stored in plain text by Applatix Plugin
Moderate | CVE-2020-2133 was published for com.applatix.jenkins:applatix (Maven) | May 24, 2022
Jenkins AWS CodeDeploy Plugin has Insufficiently Protected Credentials
Moderate | CVE-2018-1000402 was published for com.amazonaws:codedeploy (Maven) | May 14, 2022
Passwords stored in plain text by Mail Commander Plugin for Jenkins-ci Plugin
Moderate | CVE-2020-2318 was published for org.jenkins-ci.plugins:mailcommander (Maven) | May 24, 2022
Missing permission check in Jenkins Project Inheritance Plugin
Moderate | CVE-2020-2198 was published for hudson.plugins:project-inheritance (Maven) | May 24, 2022
Jenkins Sonar Gerrit Plugin stores credentials unencrypted
Moderate | CVE-2019-10467 was published for org.jenkins-ci.plugins:sonar-gerrit (Maven) | May 24, 2022
Jenkins Mattermost Notification Plugin contains unencrypted storage of secret token
Moderate | CVE-2019-10459 was published for org.jenkins-ci.plugins:mattermost (Maven) | May 24, 2022
Jenkins Anchore Container Scanner Plugin vulnerable to Insufficiently Protected Credentials
Moderate | CVE-2019-16542 was published for org.jenkins-ci.plugins:anchore-container-scanner (Maven) | May 24, 2022
Insufficiently Protected Credentials in Elasticsearch
Moderate | CVE-2021-22132 was published for org.elasticsearch:elasticsearch (Maven) | Mar 18, 2021
Insufficiently Protected Credentials in Reactor Netty
Moderate | CVE-2020-5404 was published for io.projectreactor.netty:reactor-netty-http (Maven) | Feb 10, 2022
Passwords stored in plain text by Jenkins Vmware vRealize CodeStream Plugin
Moderate | CVE-2022-27217 was published for com.vmware.vcac:vmware-vrealize-codestream (Maven) | Mar 16, 2022
Password parameter default values exposed by Jenkins Pipeline: Build Step Plugin
Moderate | CVE-2022-25184 was published for org.jenkins-ci.plugins:pipeline-build-step (Maven) | Feb 16, 2022
Jenkins Data Theorem Mobile Security: CI/CD Plugin has Insufficiently Protected Credentials
Moderate | CVE-2019-10413 was published for com.datatheorem.mobileappsecurity.jenkins.plugin:datatheorem-mobile-app-security (Maven) | May 24, 2022
Jenkins Azure Event Grid Build Notifier Plugin has Insufficiently Protected Credentials
Moderate | CVE-2019-10421 was published for org.jenkins-ci.plugins:azure-event-grid-notifier (Maven) | May 24, 2022
Jenkins Call Remote Job Plugin has Insufficiently Protected Credentials
Moderate | CVE-2019-10422 was published for org.ukiuni.callOtherJenkins:call-remote-job-plugin (Maven) | May 24, 2022
Jenkins Google Calendar Plugin has Insufficiently Protected Credentials
Moderate | CVE-2019-10425 was published for org.jenkins-ci.plugins:gcal (Maven) | May 24, 2022
Plaintext Storage of a Password in Jenkins Convertigo Mobile Platform Plugin
Moderate | CVE-2022-34199 was published for com.convertigo.jenkins.plugins:convertigo-mobile-platform (Maven) | Jun 24, 2022
Jenkins Gem Publisher Plugin stores credentials as plaintext
Moderate | CVE-2019-10426 was published for net.arangamani.jenkins:gem-publisher (Maven) | May 24, 2022
Plaintext storage of password after a reset in org.xwiki.platform:xwiki-platform-security-authentication-default
Moderate | CVE-2022-41933 was published for org.xwiki.platform:xwiki-platform-security-authentication-default (Maven) | Nov 21, 2022
Personal tokens stored in plain text by Jenkins incapptic connect uploader Plugin
Moderate | CVE-2022-27218 was published for com.incapptic.plugins:incapptic-connect-uploader (Maven) | Mar 16, 2022
Insufficiently Protected Credentials via Insecure Temporary File in org.apache.nifi:nifi-single-user-utils
Moderate | CVE-2022-26850 was published for org.apache.nifi:nifi-single-user-utils (Maven) | Jun 20, 2022
API keys stored in plain text by Jenkins Katalon Plugin
Moderate | CVE-2022-43419 was published for org.jenkins-ci.plugins:katalon (Maven) | Oct 19, 2022