Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

48 advisories

Loading
Secret file credentials stored unencrypted in rare cases by Plain Credentials Plugin Moderate
CVE-2024-39459 was published for org.jenkins-ci.plugins:plain-credentials (Maven) Jun 26, 2024
Keycloak vulnerable to Plaintext Storage of User Password High
CVE-2023-4918 was published for org.keycloak:keycloak-core (Maven) Sep 12, 2023
dasniko lme-atolcd
Jenkins Thycotic DevOps Secrets Vault Plugin does not properly mask credentials Moderate
CVE-2023-30515 was published for io.jenkins.plugins:thycotic-devops-secrets-vault (Maven) Apr 12, 2023
Jenkins Kubernetes Plugin does not properly mask credentials Moderate
CVE-2023-30513 was published for org.csanchez.jenkins.plugins:kubernetes (Maven) Apr 12, 2023
Jenkins Azure Key Vault Plugin does not properly mask credentials Moderate
CVE-2023-30514 was published for org.jenkins-ci.plugins:azure-keyvault (Maven) Apr 12, 2023
Cleartext Transmission of Sensitive Information in Jenkins JIRA Pipeline Steps Plugin Moderate
CVE-2023-24440 was published for org.jenkins-ci.plugins:jira-steps (Maven) Jan 26, 2023
Apache James server allows an attacker with local access to access private user data in transit Moderate
CVE-2022-45935 was published for org.apache.james:james-server (Maven) Jan 6, 2023
Jenkins Gitea Plugin vulnerable to Cleartext Transmission of Sensitive Information Moderate
CVE-2022-46685 was published for org.jenkins-ci.plugins:gitea (Maven) Dec 12, 2022
Jenkins OpsGenie Plugin vulnerable to Cleartext Transmission of Sensitive Information Moderate
CVE-2022-34804 was published for org.jenkins-ci.plugins:opsgenie (Maven) Jul 1, 2022
Cleartext Storage of Sensitive Information in Jenkins Build Notifications Plugin Low
CVE-2022-34801 was published for tools.devnull:build-notifications (Maven) Jul 1, 2022
NotMyFault
Jenkins Aqua MicroScanner Plugin showed plain text credential in configuration form Moderate
CVE-2019-10427 was published for org.jenkins-ci.plugins:aqua-microscanner (Maven) May 24, 2022
Jenkins Aqua Security Scanner Plugin showed plain text password in configuration form High
CVE-2019-10428 was published for org.jenkins-ci.plugins:aqua-security-scanner (Maven) May 24, 2022
Passwords transmitted in plain text by Jenkins ReadyAPI Functional Testing Plugin Moderate
CVE-2020-2251 was published for org.jenkins-ci.plugins:soapui-pro-functional-testing (Maven) May 24, 2022
NotMyFault
Jenkins Email Extension Plugin SMTP password transmitted and displayed in plain text Low
CVE-2020-2232 was published for org.jenkins-ci.plugins:email-ext (Maven) May 24, 2022
NotMyFault
Passwords transmitted in plain text by Jenkins Stash Branch Parameter Plugin Low
CVE-2020-2210 was published for org.jenkins-ci.plugins:StashBranchParameter (Maven) May 24, 2022
NotMyFault
Passwords transmitted in plain text by Jenkins Artifactory Plugin Low
CVE-2020-2165 was published for org.jenkins-ci.plugins:artifactory (Maven) May 24, 2022
NotMyFault
Credentials transmitted in plain text by Skytap Cloud CI Plugin Low
CVE-2020-2157 was published for org.jenkins-ci.plugins:skytap (Maven) May 24, 2022
NotMyFault
Credentials transmitted in plain text by Backlog Plugin Low
CVE-2020-2153 was published for org.jenkins-ci.plugins:backlog (Maven) May 24, 2022
NotMyFault
Credentials transmitted in plain text by Jenkins DeployHub Plugin Low
CVE-2020-2156 was published for com.openmake:deployhub (Maven) May 24, 2022
NotMyFault
Credentials transmitted in plain text by OpenShift Deployer Plugin Low
CVE-2020-2155 was published for org.jenkins-ci.plugins:openshift-deployer (Maven) May 24, 2022
NotMyFault
Missing permission checks in Jenkins P4 Plugin Moderate
CVE-2020-2142 was published for org.jenkins-ci.plugins:p4 (Maven) May 24, 2022
NotMyFault
Credentials transmitted in plain text by Repository Connector Plugin Low
CVE-2020-2149 was published for org.jenkins-ci.plugins:repository-connector (Maven) May 24, 2022
NotMyFault
Jenkins Sonar Quality Gates Plugin transmits credentials in plain text during configuration Low
CVE-2020-2150 was published for org.jenkins-ci.plugins:sonar-quality-gates (Maven) May 24, 2022
NotMyFault
Jenkins Quality Gates Plugin transmits credentials in plain text during configuration Low
CVE-2020-2151 was published for org.jenkins-ci.plugins:quality-gates (Maven) May 24, 2022
NotMyFault
Credentials transmitted in plain text by Jenkins Logstash Plugin Low
CVE-2020-2143 was published for org.jenkins-ci.plugins:logstash (Maven) May 24, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database