GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

342 advisories

Jenkins Aqua MicroScanner Plugin stored credentials in plain text Low
CVE-2019-10316 was published for org.jenkins-ci.plugins:aqua-microscanner (Maven) May 24, 2022
Passwords stored in plain text by Jenkins Artifactory Plugin Low
CVE-2020-2164 was published for org.jenkins-ci.plugins:artifactory (Maven) May 24, 2022
Credited to NotMyFault
Jenkins Zephyr for JIRA Test Management Plugin stores credentials in plain text Low
CVE-2020-2154 was published for org.jenkins-ci.plugins:zephyr-for-jira-test-management (Maven) May 24, 2022
Credited to NotMyFault
Password stored in plain text by Jenkins HP ALM Quality Center Plugin Low
CVE-2020-2218 was published for org.jenkins-ci.plugins:hp-quality-center (Maven) May 24, 2022
Credited to NotMyFault
Jenkins TestLink Plugin stores credentials in plain text Low
CVE-2019-10378 was published for org.jenkins-ci.plugins:testlink (Maven) May 24, 2022
Jenkins Inedo BuildMaster Plugin showed plain text password in configuration form Low
CVE-2019-10411 was published for com.inedo.proget:inedo-proget (Maven) May 24, 2022
Credentials stored in plain text by Jenkins tfs Plugin Low
CVE-2020-2249 was published for org.jenkins-ci.plugins:tfs (Maven) May 24, 2022
Credited to NotMyFault
Password stored in plain text by Jenkins couchdb-statistics Plugin Low
CVE-2020-2291 was published for org.jenkins-ci.plugins:couchdb-statistics (Maven) May 24, 2022
Credited to NotMyFault
Access token stored in plain text by Jenkins SMS Notification Plugin Low
CVE-2020-2297 was published for com.hoiio.jenkins:sms (Maven) May 24, 2022
Credited to NotMyFault
Jenkins QMetry for JIRA Plugin shows plain text password in configuration form Low
CVE-2019-16545 was published for org.jenkins-ci.plugins:qmetry-for-jira-test-management (Maven) May 24, 2022
Graylog user session is still usable after logout Low
CVE-2023-41041 was published for org.graylog2:graylog2-server (Maven) Jul 6, 2023
Credited to thll
Eclipse Jetty's cookie parsing of quoted values can exfiltrate values from other cookies Low
CVE-2023-26049 was published for org.eclipse.jetty:jetty-server (Maven) Apr 18, 2023
Credited to arxenix and jeffalder
Graylog vulnerable to insecure source port usage for DNS queries Low
CVE-2023-41045 was published for org.graylog2:graylog2-server (Maven) Jul 6, 2023
Credited to Iratxe001 and borjam
Graylog server has partial path traversal vulnerability in Support Bundle feature Low
CVE-2023-41044 was published for org.graylog2:graylog2-server (Maven) Jul 6, 2023
Credited to weiweiwei9811
Apache Camel information exposure vulnerability Low
CVE-2023-34442 was published for org.apache.camel:camel-jira (Maven) Jul 10, 2023
Cross-site Scripting in Mingsoft MCMS Low
CVE-2023-3990 was published for net.mingsoft:ms-mcms (Maven) Jul 28, 2023
Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes Low
CVE-2023-41329 was published for com.github.tomakehurst:wiremock-jre8 (Maven) Sep 8, 2023
Credited to W0rty, numacanedo, tomakehurst, Mahoney, and oleg-nenashev
Jenkins temporary uploaded file created with insecure permissions Low
CVE-2023-43497 was published for org.jenkins-ci.main:jenkins-core (Maven) Sep 20, 2023
RuoYi vulnerable to Cross-site Scripting Low
CVE-2023-3815 was published for com.ruoyi:ruoyi (Maven) Jul 21, 2023
Signing DynamoDB Sets when using the AWS Database Encryption SDK. Low
GHSA-72fp-w44g-625q was published for software.amazon.cryptography:aws-database-encryption-sdk-dynamodb (Maven) Nov 9, 2023
Information Disclosure in Guava Low
CVE-2020-8908 was published for com.google.guava:guava (Maven) Mar 25, 2021
Credited to joshbressers
sbt vulnerable to arbitrary file write via archive extraction (Zip Slip) Low
CVE-2023-46122 was published for org.scala-sbt:io_2.12 (Maven) Oct 24, 2023
Credited to xuwei-k and eed3si9n
Jenkins NS-ND Integration Performance Publisher Plugin displays credentials without masking Low
CVE-2023-33000 was published for io.jenkins.plugins:cavisson-ns-nd-integration (Maven) May 16, 2023
Non-constant time webhook token hash comparison in Jenkins Zanata Plugin Low
CVE-2023-46660 was published for org.jenkins-ci.plugins:zanata (Maven) Oct 25, 2023
Jenkins MSTeams Webhook Trigger Plugin uses non-constant time webhook token comparison Low
CVE-2023-46658 was published for io.jenkins.plugins:teams-webhook-trigger (Maven) Oct 25, 2023