GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
            22 advisories
Remote Code Execution and download tracking in Mintegral SDK
Moderate • CVE-2020-7744 was published for com.mintegral.msdk:alphab (Maven) Apr 22, 2021

User passwords transmitted in plain text by Jenkins Active Directory Plugin
Moderate • CVE-2022-23105 was published for org.jenkins-ci.plugins:active-directory (Maven) Jan 13, 2022

Jenkins Pipeline: Groovy Plugin has Insufficiently Protected Credentials
Moderate • CVE-2022-25180 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) Feb 16, 2022

Cleartext Transmission of Sensitive Information in Apache CXF
Moderate • CVE-2014-0035 was published for org.apache.cxf:cxf-core (Maven) May 13, 2022

Insecure transport protocol in Gradle
Moderate • CVE-2019-11065 was published for org.gradle:gradle-core (Maven) May 13, 2022

Cleartext Transmission of Sensitive Information in Jenkins Configuration as Code Plugin
Moderate • CVE-2019-10363 was published for io.jenkins:configuration-as-code (Maven) May 24, 2022

Insertion of Sensitive Information into Log File in Jenkins Mask Passwords Plugin
Moderate • CVE-2019-10370 was published for org.jenkins-ci.plugins:mask-passwords (Maven) May 24, 2022

Jenkins IBM AppScan Plugin showed plain text password in job configuration form fields
Moderate • CVE-2019-10391 was published for com.hcl.security:ibm-application-security (Maven) May 24, 2022

Jenkins SCTMExecutor Plugin stores credentials in plain text
Moderate • CVE-2019-16568 was published for hudson.plugins.sctmexecutor:SCTMExecutor (Maven) May 24, 2022

Missing permission checks in Jenkins P4 Plugin
Moderate • CVE-2020-2142 was published for org.jenkins-ci.plugins:p4 (Maven) May 24, 2022

Passwords transmitted in plain text by Jenkins ReadyAPI Functional Testing Plugin
Moderate • CVE-2020-2251 was published for org.jenkins-ci.plugins:soapui-pro-functional-testing (Maven) May 24, 2022

Jenkins Aqua MicroScanner Plugin showed plain text credential in configuration form
Moderate • CVE-2019-10427 was published for org.jenkins-ci.plugins:aqua-microscanner (Maven) May 24, 2022

Jenkins OpsGenie Plugin vulnerable to Cleartext Transmission of Sensitive Information
Moderate • CVE-2022-34804 was published for org.jenkins-ci.plugins:opsgenie (Maven) Jul 1, 2022

Jenkins Gitea Plugin vulnerable to Cleartext Transmission of Sensitive Information
Moderate • CVE-2022-46685 was published for org.jenkins-ci.plugins:gitea (Maven) Dec 12, 2022

Apache James server allows an attacker with local access to access private user data in transit
Moderate • CVE-2022-45935 was published for org.apache.james:james-server (Maven) Jan 6, 2023

Cleartext Transmission of Sensitive Information in Jenkins JIRA Pipeline Steps Plugin
Moderate • CVE-2023-24440 was published for org.jenkins-ci.plugins:jira-steps (Maven) Jan 26, 2023

Jenkins Thycotic DevOps Secrets Vault Plugin does not properly mask credentials
Moderate • CVE-2023-30515 was published for io.jenkins.plugins:thycotic-devops-secrets-vault (Maven) Apr 12, 2023

Jenkins Azure Key Vault Plugin does not properly mask credentials
Moderate • CVE-2023-30514 was published for org.jenkins-ci.plugins:azure-keyvault (Maven) Apr 12, 2023

Jenkins Kubernetes Plugin does not properly mask credentials
Moderate • CVE-2023-30513 was published for org.csanchez.jenkins.plugins:kubernetes (Maven) Apr 12, 2023

Secret file credentials stored unencrypted in rare cases by Plain Credentials Plugin
Moderate • CVE-2024-39459 was published for org.jenkins-ci.plugins:plain-credentials (Maven) Jun 26, 2024

Duplicate Advisory: Keycloak vulnerable to Cleartext Transmission of Sensitive Information
Moderate • GHSA-6mpx-pmgp-ww49 was published for org.keycloak:keycloak-quarkus-server (Maven) Dec 18, 2024 • withdrawn

Keycloak on Quarkus CLI option for encrypted JGroups ignored
Moderate • CVE-2024-10973 was published for org.keycloak:keycloak-quarkus-server (Maven) Feb 5, 2025
        