GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
45 advisories
Filter by severity
Sensitive data written to disk unencrypted in Spark
High
CVE-2019-10099
was published
for
org.apache.spark:spark-core_2.11
(Maven)
Aug 8, 2019
Unencrypted storage of client side sessions
Moderate
CVE-2021-29481
was published
for
io.ratpack:ratpack-session
(Maven)
Jul 1, 2021
Jenkins Support Core Plugin stores sensitive data in plain text
Moderate
CVE-2022-25187
was published
for
org.jenkins-ci.plugins:support-core
(Maven)
Feb 16, 2022
Jenkins Gogs Plugin stored credentials in plain text
Moderate
CVE-2019-10348
was published
for
org.jenkins-ci.plugins:gogs-webhook
(Maven)
May 24, 2022
Jenkins Port Allocator Plugin stores credentials in plain text
Moderate
CVE-2019-10350
was published
for
org.jenkins-ci.plugins:port-allocator
(Maven)
May 24, 2022
Jenkins Caliper CI Plugin stores credentials in plain text
Moderate
CVE-2019-10351
was published
for
com.brianfromoregon:caliper-ci
(Maven)
May 24, 2022
DingTalk Plugin stores credentials in plain text
Low
CVE-2019-10433
was published
for
io.jenkins.plugins:dingding-notifications
(Maven)
May 24, 2022
Jenkins NeoLoad Plugin stores credentials in cleartext
High
CVE-2019-10440
was published
for
org.jenkins-ci.plugins:neoload-jenkins-plugin
(Maven)
May 24, 2022
Cleartext Storage of Sensitive Information in Jenkins Extensive Testing Plugin
High
CVE-2019-10448
was published
for
jenkins.xtc:extensivetesting
(Maven)
May 24, 2022
Jenkins iceScrum Plugin stores credentials in Cleartext
High
CVE-2019-10443
was published
for
org.jenkins-ci.plugins:icescrum
(Maven)
May 24, 2022
Jenkins Sofy.AI Plugin stores API token in plain text
Moderate
CVE-2019-10447
was published
for
io.jenkins.plugins:sofy-ai
(Maven)
May 24, 2022
Jenkins Fortify on Demand Plugin stores credentials in plain text
Moderate
CVE-2019-10449
was published
for
org.jenkins-ci.plugins:fortify-on-demand-uploader
(Maven)
May 24, 2022
Jenkins Delphix Plugin vulnerable to Cleartext credential storage
High
CVE-2019-10453
was published
for
org.jenkins-ci.plugins:delphix
(Maven)
May 24, 2022
Jenkins View26 Test-Reporting Plugin stores access token in plain text
Moderate
CVE-2019-10452
was published
for
org.jenkins-ci.plugins:view26
(Maven)
May 24, 2022
Jenkins SOASTA CloudTest Plugin stores API token in plain text
Moderate
CVE-2019-10451
was published
for
com.soasta.jenkins:cloudtest
(Maven)
May 24, 2022
Cleartext Storage of Sensitive Information in Jenkins ElasticBox CI Plugin
Low
CVE-2019-10450
was published
for
com.elasticbox.jenkins-ci.plugins:elasticbox
(Maven)
May 24, 2022
Jenkins Zephyr for JIRA Test Management Plugin stores credentials in plain text
Low
CVE-2020-2154
was published
for
org.jenkins-ci.plugins:zephyr-for-jira-test-management
(Maven)
May 24, 2022
Passwords stored in plain text by Jenkins Artifactory Plugin
Low
CVE-2020-2164
was published
for
org.jenkins-ci.plugins:artifactory
(Maven)
May 24, 2022
Credentials stored in plain text by Jenkins Copr Plugin
Moderate
CVE-2020-2177
was published
for
org.fedoraproject.jenkins.plugins:copr
(Maven)
May 24, 2022
nsufficiently Protected Credentials in ActiveMQ Artemis
Moderate
CVE-2020-10727
was published
for
org.apache.activemq:artemis-commons
(Maven)
May 24, 2022
Passwords stored in plain text by ElasTest Plugin
Moderate
CVE-2020-2274
was published
for
org.jenkins-ci.plugins:elastest
(Maven)
May 24, 2022
Jenkins NeuVector Vulnerability Scanner Plugin stored credentials in plain text
Moderate
CVE-2019-10430
was published
for
io.jenkins.plugins:neuvector-vulnerability-scanner
(Maven)
May 24, 2022
Plaintext storage of password after a reset in org.xwiki.platform:xwiki-platform-security-authentication-default
Moderate
CVE-2022-41933
was published
for
org.xwiki.platform:xwiki-platform-security-authentication-default
(Maven)
Nov 21, 2022
Password exposure in H2 Database
High
CVE-2022-45868
was published
for
com.h2database:h2
(Maven)
Nov 23, 2022
Apache James MIME4J vulnerable to information disclosure to local users
Moderate
CVE-2022-45787
was published
for
org.apache.james:apache-mime4j-storage
(Maven)
Jan 6, 2023
ProTip!
Advisories are also available from the
GraphQL API