GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
130 advisories
Filter by severity
Keycloak vulnerable to Plaintext Storage of User Password
High
CVE-2023-4918
was published
for
org.keycloak:keycloak-core
(Maven)
Sep 12, 2023
EisBaer Scada - CWE-256: Plaintext Storage of a Password
Critical
Unreviewed
CVE-2023-42493
was published
Oct 25, 2023
A vulnerability was found in didi KnowSearch 0.3.2/0.3.1.2. It has been rated as problematic....
Moderate
Unreviewed
CVE-2023-4984
was published
Sep 15, 2023
Plaintext Storage of a Password in Jenkins NS-ND Integration Performance Publisher Plugin
Moderate
CVE-2022-45392
was published
for
io.jenkins.plugins:cavisson-ns-nd-integration
(Maven)
Nov 16, 2022
Jenkins Reverse Proxy Auth Plugin vulnerable due to plaintext storage of passwords
Moderate
CVE-2022-45384
was published
for
org.jenkins-ci.main:reverse-proxy-auth-plugin
(Maven)
Nov 16, 2022
Jenkins OpsGenie Plugin Plaintext Storage of a Password vulnerability
Moderate
CVE-2022-34803
was published
for
org.jenkins-ci.plugins:opsgenie
(Maven)
Jul 1, 2022
Plaintext storage in Jenkins instant-messaging Plugin
Moderate
CVE-2022-28135
was published
for
org.jvnet.hudson.plugins:instant-messaging
(Maven)
Mar 30, 2022
Password stored in plain text by Jenkins Nomad Plugin
Moderate
CVE-2021-21681
was published
for
org.jenkins-ci.plugins:nomad
(Maven)
May 24, 2022
Credentials stored in plain text by Jenkins tfs Plugin
Low
CVE-2020-2249
was published
for
org.jenkins-ci.plugins:tfs
(Maven)
May 24, 2022
Passwords stored in plain text by Jenkins ReadyAPI Functional Testing Plugin
Moderate
CVE-2020-2250
was published
for
org.jenkins-ci.plugins:soapui-pro-functional-testing
(Maven)
May 24, 2022
Secret stored in plain text by Jenkins Slack Upload Plugin
Moderate
CVE-2020-2208
was published
for
org.jenkins-ci.plugins:slack-uploader
(Maven)
May 24, 2022
Secret stored in plain text by Jenkins GitHub Coverage Reporter Plugin
Moderate
CVE-2020-2212
was published
for
io.jenkins.plugins:github-coverage-reporter
(Maven)
May 24, 2022
Password stored in plain text by Jenkins TestComplete support Plugin
Moderate
CVE-2020-2209
was published
for
org.jenkins-ci.plugins:TestComplete
(Maven)
May 24, 2022
Credentials stored in plain text by Jenkins White Source Plugin
Moderate
CVE-2020-2213
was published
for
org.jenkins-ci.plugins:whitesource
(Maven)
May 24, 2022
Password stored in plain text by Jenkins HP ALM Quality Center Plugin
Low
CVE-2020-2218
was published
for
org.jenkins-ci.plugins:hp-quality-center
(Maven)
May 24, 2022
Jenkins Zephyr for JIRA Test Management Plugin stores credentials in plain text
Low
CVE-2020-2154
was published
for
org.jenkins-ci.plugins:zephyr-for-jira-test-management
(Maven)
May 24, 2022
Client secret transmitted in plain text by Azure AD Plugin
Low
CVE-2020-2119
was published
for
org.jenkins-ci.plugins:azure-ad
(Maven)
May 24, 2022
Credentials stored in plain text by debian-package-builder Plugin
Low
CVE-2020-2125
was published
for
ru.yandex.jenkins.plugins.debuilder:debian-package-builder
(Maven)
May 24, 2022
Password stored in plain text by Dynamic Extended Choice Parameter Plugin
Moderate
CVE-2020-2124
was published
for
com.moded.extendedchoiceparameter:dynamic_extended_choice_parameter
(Maven)
May 24, 2022
Credential stored in plain text by BMC Release Package and Deployment Plugin
Low
CVE-2020-2127
was published
for
RPD:bmc-rpd
(Maven)
May 24, 2022
Password stored in plain text by ECX Copy Data Management Plugin
Moderate
CVE-2020-2128
was published
for
com.catalogic.ecxjenkins:catalogic-ecx
(Maven)
May 24, 2022
Passwords stored in plain text by Harvest SCM Plugin
Moderate
CVE-2020-2131
was published
for
org.jenkins-ci.plugins:harvest
(Maven)
May 24, 2022
Passwords stored in plain text by Harvest SCM Plugin
Moderate
CVE-2020-2130
was published
for
org.jenkins-ci.plugins:harvest
(Maven)
May 24, 2022
Credentials stored in plain text by Zephyr Enterprise Test Management Plugin
Low
CVE-2020-2145
was published
for
org.jenkins-ci.plugins:zephyr-enterprise-test-management
(Maven)
May 24, 2022
API keys stored in plain text by Jenkins Katalon Plugin
Moderate
CVE-2022-43419
was published
for
org.jenkins-ci.plugins:katalon
(Maven)
Oct 19, 2022
ProTip!
Advisories are also available from the
GraphQL API