Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,744
Maven
5,000+
npm
4,341
NuGet
765
pip
4,113
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

192 advisories

Loading
When exporting media types, the password is exported in the YAML in plain text. This appears to... Low Unreviewed
CVE-2024-36464 was published Nov 27, 2024
A potential vulnerability was reported in some Lenovo Tablets that could allow a local... Moderate Unreviewed
CVE-2025-11193 was published Nov 4, 2025
User passwords are decrypted and stored on memory before any user logged in. Those decrypted... Moderate Unreviewed
CVE-2024-29978 was published Nov 26, 2024
Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user may... Moderate Unreviewed
CVE-2025-46366 was published Nov 5, 2025
Jenkins Statistics Gatherer Plugin does not mask AWS Secret Key Moderate
CVE-2025-53655 was published for org.jenkins.plugins.statistics.gatherer:statistics-gatherer (Maven) Jul 9, 2025
Jenkins ReadyAPI Functional Testing Plugin vulnerability stores unencrypted authentication credentials Moderate
CVE-2025-53656 was published for org.jenkins-ci.plugins:soapui-pro-functional-testing (Maven) Jul 9, 2025
Jenkins Apica Loadtest Plugin vulnerability exposes authentication tokens Moderate
CVE-2025-53665 was published for com.apica:ApicaLoadtest (Maven) Jul 9, 2025
Jenkins QMetry Test Management Plugin vulnerability exposes API keys Moderate
CVE-2025-53660 was published for org.jenkins-ci.plugins:qmetry-test-management (Maven) Jul 9, 2025
Jenkins Apica Loadtest Plugin vulnerability exposes authentication tokens Moderate
CVE-2025-53664 was published for com.apica:ApicaLoadtest (Maven) Jul 9, 2025
Jenkins IFTTT Build Notifier Plugin vulnerability exposes IFTTT Maker Channel Keys Moderate
CVE-2025-53662 was published for org.jenkins-ci.plugins:ifttt-build-notifier (Maven) Jul 9, 2025
Jenkins Nouvola DiveCloud Plugin vulnerability does not mask keys on its job configuration form Moderate
CVE-2025-53671 was published for org.jenkins-ci.plugins:nouvola-divecloud (Maven) Jul 9, 2025
Jenkins VAddy Plugin vulnerability exposes plaintext keys on its job configuration form Moderate
CVE-2025-53669 was published for org.jenkins-ci.plugins:vaddy-plugin (Maven) Jul 9, 2025
Jenkins Sensedia API Platform Plugin vulnerability exposes unencrypted tokens Moderate
CVE-2025-53674 was published for org.jenkins-ci.plugins:sensedia-api-platform (Maven) Jul 9, 2025
Jenkins Warrior Framework Plugin vulnerability exposes unencrypted passwords to certain authenticated users Moderate
CVE-2025-53675 was published for org.jenkins-ci.plugins:warrior (Maven) Jul 9, 2025
Jenkins Xooa Plugin vulnerability does not mask its Xooa Deployment Token Moderate
CVE-2025-53677 was published for io.jenkins.plugins:xooa (Maven) Jul 9, 2025
A vulnerability exists in QuickCMS version 6.8 where sensitive admin credentials are hardcoded in... Moderate Unreviewed
CVE-2025-9982 was published Nov 14, 2025
Plaintext password storage in Kotaemon 0.11.0 in the client's localStorage. High Unreviewed
CVE-2025-56527 was published Nov 18, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database