GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
34 advisories
Filter by severity
Downloads Resources over HTTP in jser-stat
Moderate
CVE-2016-10592
was published
for
jser-stat
(npm)
Feb 18, 2019
Downloads Resources over HTTP in arcanist
Moderate
CVE-2016-10683
was published
for
arcanist
(npm)
Feb 18, 2019
Downloads Resources over HTTP in adamvr-geoip-lite
Moderate
CVE-2016-10680
was published
for
adamvr-geoip-lite
(npm)
Sep 1, 2020
Insecure cookies in Openshift Origin
Moderate
CVE-2015-3207
was published
for
github.com/openshift/origin
(Go)
Jul 8, 2022
Missing Encryption of Sensitive Data in arrow-kt Arrow
Moderate
CVE-2019-11404
was published
for
io.arrow-kt:arrow-ank-gradle
(Maven)
Apr 22, 2019
Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows decrypting secrets
Moderate
CVE-2022-23116
was published
for
org.conjur.jenkins:conjur-credentials
(Maven)
Jan 13, 2022
Docker Swarm encrypted overlay network traffic may be unencrypted
Moderate
CVE-2023-28841
was published
for
github.com/docker/docker
(Go)
Apr 4, 2023
usememos/memos missing Secure cookie attribute
Moderate
CVE-2022-4683
was published
for
github.com/usememos/memos
(Go)
Dec 23, 2022
Jenkins WebSphere Deployer Plugin stores credentials in plain text
Moderate
CVE-2019-1003056
was published
for
org.jenkins-ci.plugins:websphere-deployer
(Maven)
May 13, 2022
Jenkins Jira Issue Updater Plugin stores credentials in plain text
Moderate
CVE-2019-1003054
was published
for
info.bluefloyd.jenkins:jenkins-jira-issue-updater
(Maven)
May 13, 2022
Jenkins VMware vRealize Automation Plugin Missing Encryption of Sensitive Data
Moderate
CVE-2019-1003068
was published
for
com.inkysea.vmware.vra:vmware-vrealize-automation-plugin
(Maven)
May 13, 2022
Jenkins Trac Publisher Plugin stores credentials in plain text
Moderate
CVE-2019-1003067
was published
for
org.jenkins-ci.plugins:trac-publisher-plugin
(Maven)
May 13, 2022
Jenkins wildFly Deployer Plugin stores credentials in plain text
Moderate
CVE-2019-1003072
was published
for
org.jenkins-ci.plugins:wildfly-deployer
(Maven)
May 13, 2022
Passwords stored in plain text by Jenkins ReadyAPI Functional Testing Plugin
Moderate
CVE-2020-2250
was published
for
org.jenkins-ci.plugins:soapui-pro-functional-testing
(Maven)
May 24, 2022
Jenkins VS Team Services Continuous Deployment Plugin stores credentials in plain text
Moderate
CVE-2019-1003073
was published
for
org.jenkins-ci.plugins:vsts-cd
(Maven)
May 13, 2022
Cleartext Transmission of Sensitive Information in Jenkins Configuration as Code Plugin
Moderate
CVE-2019-10363
was published
for
io.jenkins:configuration-as-code
(Maven)
May 24, 2022
Jenkins CloudFormation Plugin stores credentials in plain text
Moderate
CVE-2019-1003061
was published
for
org.jenkins-ci.plugins:jenkins-cloudformation-plugin
(Maven)
May 13, 2022
Jenkins Ansible Plugin stores and displays secrets in plain text
Moderate
CVE-2023-32982
was published
for
org.jenkins-ci.plugins:ansible
(Maven)
May 16, 2023
Jenkins Active Directory Plugin vulnerable to Active Directory credential disclosure
Moderate
CVE-2023-37943
was published
for
org.jenkins-ci.plugins:active-directory
(Maven)
Jul 12, 2023
Jenkins Upload to pgyer Plugin stores credentials in plain text
Moderate
CVE-2019-1003089
was published
for
ren.helloworld:upload-pgyer
(Maven)
May 13, 2022
Jenkins Open STF Plugin stores credentials in plain text
Moderate
CVE-2019-1003094
was published
for
org.jenkins-ci.plugins:open-stf
(Maven)
May 13, 2022
Jenkins Perfecto Mobile Plugin stores credentials in plain text
Moderate
CVE-2019-1003095
was published
for
org.jenkins-ci.plugins:perfectomobile
(Maven)
May 13, 2022
Jenkins Fabric-beta-publisher Plugin stores credentials in plain text
Moderate
CVE-2019-1003088
was published
for
egor-n:fabric-beta-publisher
(Maven)
May 13, 2022
1Panel set-cookie is missing the Secure keyword
Moderate
CVE-2024-24768
was published
for
github.com/1Panel-dev/1Panel
(Go)
Feb 5, 2024
Unencrypted traffic between nodes when using WireGuard and L7 policies
Moderate
CVE-2024-28250
was published
for
github.com/cilium/cilium
(Go)
Mar 18, 2024
ProTip!
Advisories are also available from the
GraphQL API