Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

176 advisories

Loading
Private key stored in plain text by Jenkins Google Compute Engine Plugin Moderate
CVE-2022-29052 was published for org.jenkins-ci.plugins:google-compute-engine (Maven) Apr 13, 2022
NotMyFault
In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin. High
CVE-2021-45457 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
AWS CodeDeploy Plugin stored AWS Secret Key in plain text High
CVE-2018-1000403 was published for com.amazonaws:codedeploy (Maven) May 13, 2022
westonsteimel
Plaintext Storage of a Password in Jenkins Eagle Tester Plugin Moderate
CVE-2020-2129 was published for com.mobileenerlytics.eagle.tester:eagle-tester (Maven) May 24, 2022
nsufficiently Protected Credentials in ActiveMQ Artemis Moderate
CVE-2020-10727 was published for org.apache.activemq:artemis-commons (Maven) May 24, 2022
Insufficiently Protected Credentials in PowerJob High
CVE-2020-28865 was published for com.github.kfcfans:powerjob (Maven) Jun 17, 2022
Insufficiently Protected Credentials and Improper Authentication in Spring Security High
CVE-2019-11272 was published for org.springframework.security:spring-security-cas (Maven) Jun 27, 2019
Fortify Plugin stored credentials in plain text Moderate
CVE-2020-2107 was published for org.jenkins-ci.plugins:fortify (Maven) May 24, 2022
NotMyFault
Incorrect implementation of lockout feature in Keycloak High
CVE-2021-3513 was published for org.keycloak:keycloak-parent (Maven) Aug 23, 2022
Apache Dolphin Scheduler has insufficiently protected credentials High
CVE-2022-26885 was published for org.apache.dolphinscheduler:dolphinscheduler-common (Maven) Nov 24, 2022
Password stored in plain text by Applatix Plugin Moderate
CVE-2020-2133 was published for com.applatix.jenkins:applatix (Maven) May 24, 2022
NotMyFault
Jenkins AWS CodeDeploy Plugin has Insufficiently Protected Credentials Moderate
CVE-2018-1000402 was published for com.amazonaws:codedeploy (Maven) May 14, 2022
Jenkins Configuration as Code Plugin has Insufficiently Protected Credentials High
CVE-2018-1000610 was published for io.jenkins:configuration-as-code (Maven) May 13, 2022
Jenkins AWS CodePipeline Plugin has Insufficiently Protected Credentials High
CVE-2018-1000401 was published for com.amazonaws:aws-codepipeline (Maven) May 13, 2022
Insufficiently Protected Credentials in Jenkins AWS CodeBuild Plugin High
CVE-2018-1000404 was published for com.amazonaws:aws-codebuild (Maven) May 13, 2022
Passwords stored in plain text by Mail Commander Plugin for Jenkins-ci Plugin Moderate
CVE-2020-2318 was published for org.jenkins-ci.plugins:mailcommander (Maven) May 24, 2022
NotMyFault
Password stored in plain text by Jenkins VMware Lab Manager Slaves Plugin Low
CVE-2020-2319 was published for org.jenkins-ci.plugins:labmanager (Maven) May 24, 2022
NotMyFault
Password stored in plain text by Jenkins AppSpider Plugin Low
CVE-2020-2314 was published for com.rapid7:jenkinsci-appspider-plugin (Maven) May 24, 2022
NotMyFault
Missing permission check in Jenkins Project Inheritance Plugin Moderate
CVE-2020-2198 was published for hudson.plugins:project-inheritance (Maven) May 24, 2022
NotMyFault
Squash TM Publisher (Squash4Jenkins) Plugin stores passwords stored in plain text Low
CVE-2022-34213 was published for org.jenkins-ci.plugins:squashtm-publisher (Maven) Jun 24, 2022
westonsteimel NotMyFault
Jenkins Build-Publisher plugin has Insufficiently Protected Credentials High
CVE-2017-1000387 was published for org.jenkins-ci.plugins:build-publisher (Maven) May 13, 2022
Jenkins Sonar Gerrit Plugin stores credentials unencrypted Moderate
CVE-2019-10467 was published for org.jenkins-ci.plugins:sonar-gerrit (Maven) May 24, 2022
Jenkins Mattermost Notification Plugin contains unencrypted storage of secret token Moderate
CVE-2019-10459 was published for org.jenkins-ci.plugins:mattermost (Maven) May 24, 2022
Jenkins Dynatrace Plugin vulnerable to Insufficiently Protected Credentials High
CVE-2019-10461 was published for org.jenkins-ci.plugins:dynatrace-dashboard (Maven) May 24, 2022
Jenkins Anchore Container Scanner Plugin vulnerable to Insufficiently Protected Credentials Moderate
CVE-2019-16542 was published for org.jenkins-ci.plugins:anchore-container-scanner (Maven) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database