Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

34 advisories

Loading
Downloads Resources over HTTP in arcanist Moderate
CVE-2016-10683 was published for arcanist (npm) Feb 18, 2019
Downloads Resources over HTTP in jser-stat Moderate
CVE-2016-10592 was published for jser-stat (npm) Feb 18, 2019
Missing Encryption of Sensitive Data in arrow-kt Arrow Moderate
CVE-2019-11404 was published for io.arrow-kt:arrow-ank-gradle (Maven) Apr 22, 2019
Downloads Resources over HTTP in adamvr-geoip-lite Moderate
CVE-2016-10680 was published for adamvr-geoip-lite (npm) Sep 1, 2020
Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows decrypting secrets Moderate
CVE-2022-23116 was published for org.conjur.jenkins:conjur-credentials (Maven) Jan 13, 2022
NotMyFault
Jenkins wildFly Deployer Plugin stores credentials in plain text Moderate
CVE-2019-1003072 was published for org.jenkins-ci.plugins:wildfly-deployer (Maven) May 13, 2022
Jenkins VS Team Services Continuous Deployment Plugin stores credentials in plain text Moderate
CVE-2019-1003073 was published for org.jenkins-ci.plugins:vsts-cd (Maven) May 13, 2022
Jenkins Open STF Plugin stores credentials in plain text Moderate
CVE-2019-1003094 was published for org.jenkins-ci.plugins:open-stf (Maven) May 13, 2022
Jenkins Perfecto Mobile Plugin stores credentials in plain text Moderate
CVE-2019-1003095 was published for org.jenkins-ci.plugins:perfectomobile (Maven) May 13, 2022
Jenkins Fabric-beta-publisher Plugin stores credentials in plain text Moderate
CVE-2019-1003088 was published for egor-n:fabric-beta-publisher (Maven) May 13, 2022
Jenkins Upload to pgyer Plugin stores credentials in plain text Moderate
CVE-2019-1003089 was published for ren.helloworld:upload-pgyer (Maven) May 13, 2022
Jenkins Jira Issue Updater Plugin stores credentials in plain text Moderate
CVE-2019-1003054 was published for info.bluefloyd.jenkins:jenkins-jira-issue-updater (Maven) May 13, 2022
Jenkins VMware vRealize Automation Plugin Missing Encryption of Sensitive Data Moderate
CVE-2019-1003068 was published for com.inkysea.vmware.vra:vmware-vrealize-automation-plugin (Maven) May 13, 2022
Jenkins Trac Publisher Plugin stores credentials in plain text Moderate
CVE-2019-1003067 was published for org.jenkins-ci.plugins:trac-publisher-plugin (Maven) May 13, 2022
Jenkins CloudFormation Plugin stores credentials in plain text Moderate
CVE-2019-1003061 was published for org.jenkins-ci.plugins:jenkins-cloudformation-plugin (Maven) May 13, 2022
Jenkins WebSphere Deployer Plugin stores credentials in plain text Moderate
CVE-2019-1003056 was published for org.jenkins-ci.plugins:websphere-deployer (Maven) May 13, 2022
Cleartext Transmission of Sensitive Information in Jenkins Configuration as Code Plugin Moderate
CVE-2019-10363 was published for io.jenkins:configuration-as-code (Maven) May 24, 2022
OpenStack Keystone does not check signature TTL of the EC2 credential auth method Moderate
CVE-2020-12692 was published for keystone (pip) May 24, 2022
Passwords stored in plain text by Jenkins ReadyAPI Functional Testing Plugin Moderate
CVE-2020-2250 was published for org.jenkins-ci.plugins:soapui-pro-functional-testing (Maven) May 24, 2022
NotMyFault
Insecure cookies in Openshift Origin Moderate
CVE-2015-3207 was published for github.com/openshift/origin (Go) Jul 8, 2022
rdiffweb has insecure HTTP cookies Moderate
CVE-2022-3250 was published for rdiffweb (pip) Sep 22, 2022
usememos/memos missing Secure cookie attribute Moderate
CVE-2022-4683 was published for github.com/usememos/memos (Go) Dec 23, 2022
Docker Swarm encrypted overlay network traffic may be unencrypted Moderate
CVE-2023-28841 was published for github.com/docker/docker (Go) Apr 4, 2023
corhere cpuguy83
tianon laurazard akerouanton quadespresso neersighted
Jenkins Ansible Plugin stores and displays secrets in plain text Moderate
CVE-2023-32982 was published for org.jenkins-ci.plugins:ansible (Maven) May 16, 2023
Jenkins Active Directory Plugin vulnerable to Active Directory credential disclosure Moderate
CVE-2023-37943 was published for org.jenkins-ci.plugins:active-directory (Maven) Jul 12, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database