GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
87 advisories
Filter by severity
Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission
Moderate
CVE-2024-47805
was published
for
org.jenkins-ci.plugins:credentials
(Maven)
Oct 2, 2024
Apereo CAS vulnerable to credential leaks for LDAP authentication
Moderate
CVE-2023-28857
was published
for
org.apereo.cas:cas-server-support-x509-core
(Maven)
Aug 5, 2024
Apache Solr can leak certain passwords due to System Property redaction logic inconsistencies
Moderate
CVE-2023-50291
was published
for
org.apache.solr:solr-core
(Maven)
Feb 9, 2024
Password stored in a recoverable format by Jenkins OpenId Connect Authentication Plugin
Moderate
CVE-2023-50770
was published
for
org.jenkins-ci.plugins:oic-auth
(Maven)
Dec 13, 2023
Jenkins Jira Plugin vulnerable to exposure of system-scoped credentials
Moderate
CVE-2023-49653
was published
for
org.jenkins-ci.plugins:jira
(Maven)
Nov 29, 2023
Jenkins Warnings Plugin exposures system-scoped credentials
Moderate
CVE-2023-46651
was published
for
io.jenkins.plugins:warnings-ng
(Maven)
Oct 25, 2023
Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin vulnerable to exposure of system-scoped credentials
Moderate
CVE-2023-40347
was published
for
org.jenkins-ci.plugins:maven-artifact-choicelistprovider
(Maven)
Aug 16, 2023
Jenkins Delphix Plugin vulnerable to exposure of system-scoped credentials
Moderate
CVE-2023-40345
was published
for
org.jenkins-ci.plugins:delphix
(Maven)
Aug 16, 2023
Jenkins mabl Plugin vulnerable to exposure of system-scooped credentials
Moderate
CVE-2023-37951
was published
for
com.mabl.integration.jenkins:mabl-integration
(Maven)
Jul 12, 2023
Hazelcast vulnerable to unmasked password exposure
Moderate
CVE-2023-33264
was published
for
com.hazelcast:hazelcast
(Maven)
May 22, 2023
Jenkins Code Dx Plugin stores API keys in plain text
Moderate
CVE-2023-2632
was published
for
org.jenkins-ci.plugins:codedx
(Maven)
May 16, 2023
Jenkins Code Dx Plugin displays API keys in plain text
Moderate
CVE-2023-2633
was published
for
org.jenkins-ci.plugins:codedx
(Maven)
May 16, 2023
Plaintext storage of password after a reset in org.xwiki.platform:xwiki-platform-security-authentication-default
Moderate
CVE-2022-41933
was published
for
org.xwiki.platform:xwiki-platform-security-authentication-default
(Maven)
Nov 21, 2022
Jenkins Reverse Proxy Auth Plugin vulnerable due to plaintext storage of passwords
Moderate
CVE-2022-45384
was published
for
org.jenkins-ci.main:reverse-proxy-auth-plugin
(Maven)
Nov 16, 2022
Plaintext Storage of a Password in Jenkins NS-ND Integration Performance Publisher Plugin
Moderate
CVE-2022-45392
was published
for
io.jenkins.plugins:cavisson-ns-nd-integration
(Maven)
Nov 16, 2022
API keys stored in plain text by Jenkins Katalon Plugin
Moderate
CVE-2022-43419
was published
for
org.jenkins-ci.plugins:katalon
(Maven)
Oct 19, 2022
Improper masking of credentials Jenkins in Git Plugin
Moderate
CVE-2022-38663
was published
for
org.jenkins-ci.plugins:git
(Maven)
Aug 24, 2022
Jenkins OpsGenie Plugin Plaintext Storage of a Password vulnerability
Moderate
CVE-2022-34803
was published
for
org.jenkins-ci.plugins:opsgenie
(Maven)
Jul 1, 2022
Jenkins Deployment Dashboard Plugin has Insufficiently Protected Credentials
Moderate
CVE-2022-34796
was published
for
org.jenkins-ci.plugins:ec2-deployment-dashboard
(Maven)
Jul 1, 2022
Plaintext Storage of a Password in Jenkins Convertigo Mobile Platform Plugin
Moderate
CVE-2022-34199
was published
for
com.convertigo.jenkins.plugins:convertigo-mobile-platform
(Maven)
Jun 24, 2022
Insufficiently Protected Credentials via Insecure Temporary File in org.apache.nifi:nifi-single-user-utils
Moderate
CVE-2022-26850
was published
for
org.apache.nifi:nifi-single-user-utils
(Maven)
Jun 20, 2022
Jenkins Gem Publisher Plugin stores credentials as plaintext
Moderate
CVE-2019-10426
was published
for
net.arangamani.jenkins:gem-publisher
(Maven)
May 24, 2022
Jenkins GitLab Logo Plugin stores credentials unencrypted
Moderate
CVE-2019-10429
was published
for
org.jenkins-ci.plugins:gitlab-logo
(Maven)
May 24, 2022
Password stored in plain text by Jenkins Nomad Plugin
Moderate
CVE-2021-21681
was published
for
org.jenkins-ci.plugins:nomad
(Maven)
May 24, 2022
Passwords stored in plain text by Jenkins Jabber (XMPP) notifier and control Plugin
Moderate
CVE-2021-21634
was published
for
org.jvnet.hudson.plugins:jabber
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API