Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

18 advisories

Loading
Elasticsearch stores private key on disk unencrypted Moderate
CVE-2024-23444 was published for org.elasticsearch:elasticsearch (Maven) Jul 31, 2024
Jenkins Fabric-beta-publisher Plugin stores credentials in plain text Moderate
CVE-2019-1003088 was published for egor-n:fabric-beta-publisher (Maven) May 13, 2022
Jenkins Perfecto Mobile Plugin stores credentials in plain text Moderate
CVE-2019-1003095 was published for org.jenkins-ci.plugins:perfectomobile (Maven) May 13, 2022
Jenkins Open STF Plugin stores credentials in plain text Moderate
CVE-2019-1003094 was published for org.jenkins-ci.plugins:open-stf (Maven) May 13, 2022
Jenkins Upload to pgyer Plugin stores credentials in plain text Moderate
CVE-2019-1003089 was published for ren.helloworld:upload-pgyer (Maven) May 13, 2022
Jenkins Active Directory Plugin vulnerable to Active Directory credential disclosure Moderate
CVE-2023-37943 was published for org.jenkins-ci.plugins:active-directory (Maven) Jul 12, 2023
Jenkins Ansible Plugin stores and displays secrets in plain text Moderate
CVE-2023-32982 was published for org.jenkins-ci.plugins:ansible (Maven) May 16, 2023
Jenkins CloudFormation Plugin stores credentials in plain text Moderate
CVE-2019-1003061 was published for org.jenkins-ci.plugins:jenkins-cloudformation-plugin (Maven) May 13, 2022
Cleartext Transmission of Sensitive Information in Jenkins Configuration as Code Plugin Moderate
CVE-2019-10363 was published for io.jenkins:configuration-as-code (Maven) May 24, 2022
Jenkins VS Team Services Continuous Deployment Plugin stores credentials in plain text Moderate
CVE-2019-1003073 was published for org.jenkins-ci.plugins:vsts-cd (Maven) May 13, 2022
Passwords stored in plain text by Jenkins ReadyAPI Functional Testing Plugin Moderate
CVE-2020-2250 was published for org.jenkins-ci.plugins:soapui-pro-functional-testing (Maven) May 24, 2022
NotMyFault
Jenkins wildFly Deployer Plugin stores credentials in plain text Moderate
CVE-2019-1003072 was published for org.jenkins-ci.plugins:wildfly-deployer (Maven) May 13, 2022
Jenkins Trac Publisher Plugin stores credentials in plain text Moderate
CVE-2019-1003067 was published for org.jenkins-ci.plugins:trac-publisher-plugin (Maven) May 13, 2022
Jenkins VMware vRealize Automation Plugin Missing Encryption of Sensitive Data Moderate
CVE-2019-1003068 was published for com.inkysea.vmware.vra:vmware-vrealize-automation-plugin (Maven) May 13, 2022
Jenkins Jira Issue Updater Plugin stores credentials in plain text Moderate
CVE-2019-1003054 was published for info.bluefloyd.jenkins:jenkins-jira-issue-updater (Maven) May 13, 2022
Jenkins WebSphere Deployer Plugin stores credentials in plain text Moderate
CVE-2019-1003056 was published for org.jenkins-ci.plugins:websphere-deployer (Maven) May 13, 2022
Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows decrypting secrets Moderate
CVE-2022-23116 was published for org.conjur.jenkins:conjur-credentials (Maven) Jan 13, 2022
NotMyFault
Missing Encryption of Sensitive Data in arrow-kt Arrow Moderate
CVE-2019-11404 was published for io.arrow-kt:arrow-ank-gradle (Maven) Apr 22, 2019
ProTip! Advisories are also available from the GraphQL API