GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,792
Erlang
36
GitHub Actions
29
Go
2,377
Maven
5,000+
npm
4,002
NuGet
720
pip
3,802
Pub
12
RubyGems
927
Rust
984
Swift
38
Unreviewed advisories
All unreviewed
5,000+
23,094 advisories
Filter by severity
docusaurus-plugin-content-gists vulnerability exposes GitHub Personal Access Token
Critical
CVE-2025-53624
was published
for
docusaurus-plugin-content-gists
(npm)
Jul 9, 2025
Jenkins Applitools Eyes Plugin vulnerability exposes unencrypted keys to certain authenticated users
Moderate
CVE-2025-53742
was published
for
org.jenkins-ci.plugins:pplitools-eyes
(Maven)
Jul 9, 2025
Jenkins Warrior Framework Plugin vulnerability exposes unencrypted passwords to certain authenticated users
Moderate
CVE-2025-53675
was published
for
org.jenkins-ci.plugins:warrior
(Maven)
Jul 9, 2025
Jenkins User1st uTester Plugin vulnerability exposes unencrypted token to authenticated users
Low
CVE-2025-53678
was published
for
io.jenkins.plugins:user1st-utester
(Maven)
Jul 9, 2025
Jenkins VAddy Plugin vulnerability exposes plaintext keys on its job configuration form
Moderate
CVE-2025-53669
was published
for
org.jenkins-ci.plugins:vaddy-plugin
(Maven)
Jul 9, 2025
Jenkins Xooa Plugin vulnerability exposes unencrypted tokens to authenticated users
Moderate
CVE-2025-53676
was published
for
io.jenkins.plugins:xooa
(Maven)
Jul 9, 2025
Jenkins Xooa Plugin vulnerability does not mask its Xooa Deployment Token
Moderate
CVE-2025-53677
was published
for
io.jenkins.plugins:xooa
(Maven)
Jul 9, 2025
Jenkins Applitools Eyes Plugin vulnerability does not mask API keys on its job configuration form
Moderate
CVE-2025-53743
was published
for
org.jenkins-ci.plugins:applitools-eyes
(Maven)
Jul 9, 2025
Jenkins Statistics Gatherer Plugin does not mask AWS Secret Key
Moderate
CVE-2025-53655
was published
for
org.jenkins.plugins.statistics.gatherer:statistics-gatherer
(Maven)
Jul 9, 2025
Jenkins Testsigma Test Plan vulnerability exposes API keys via job configuration form
Low
CVE-2025-53661
was published
for
io.jenkins.plugins:testsigma
(Maven)
Jul 9, 2025
Jenkins Applitools Eyes Plugin vulnerable to XSS through its Build page
High
CVE-2025-53658
was published
for
org.jenkins-ci.plugins:applitools-eyes
(Maven)
Jul 9, 2025
Jenkins ReadyAPI Functional Testing Plugin vulnerability exposes secrets
Moderate
CVE-2025-53657
was published
for
org.jenkins-ci.plugins:soapui-pro-functional-testing
(Maven)
Jul 9, 2025
Jenkins QMetry Test Management Plugin stores unencrypted API keys
Moderate
CVE-2025-53659
was published
for
org.jenkins-ci.plugins:qmetry-test-management
(Maven)
Jul 9, 2025
Jenkins Dead Man's Snitch Plugin vulnerability does not mask tokens
Moderate
CVE-2025-53667
was published
for
org.jenkins-ci.plugins:deadmanssnitch
(Maven)
Jul 9, 2025
Jenkins Dead Man's Snitch Plugin vulnerability stores tokens in plain text
Moderate
CVE-2025-53666
was published
for
org.jenkins-ci.plugins:deadmanssnitch
(Maven)
Jul 9, 2025
Jenkins Sensedia API Platform Plugin vulnerability exposes unencrypted tokens in its global configuration file
Moderate
CVE-2025-53673
was published
for
org.jenkins-ci.plugins:sensedia-api-platform
(Maven)
Jul 9, 2025
Jenkins Kryptowire Plugin vulnerability stores unencrypted Kryptowire API key
Moderate
CVE-2025-53672
was published
for
io.jenkins.plugins:kryptowire
(Maven)
Jul 9, 2025
Jenkins Nouvola DiveCloud Plugin vulnerability stores unencrypted credentials
Moderate
CVE-2025-53670
was published
for
org.jenkins-ci.plugins:nouvola-divecloud
(Maven)
Jul 9, 2025
Jenkins Nouvola DiveCloud Plugin vulnerability does not mask keys on its job configuration form
Moderate
CVE-2025-53671
was published
for
org.jenkins-ci.plugins:nouvola-divecloud
(Maven)
Jul 9, 2025
Jenkins VAddy Plugin vulnerability exposes unencrypted keys to certain authenticated users
Moderate
CVE-2025-53668
was published
for
org.jenkins-ci.plugins:vaddy-plugin
(Maven)
Jul 9, 2025
Jenkins Sensedia API Platform Plugin vulnerability exposes unencrypted tokens
Moderate
CVE-2025-53674
was published
for
org.jenkins-ci.plugins:sensedia-api-platform
(Maven)
Jul 9, 2025
Jenkins ReadyAPI Functional Testing Plugin vulnerability stores unencrypted authentication credentials
Moderate
CVE-2025-53656
was published
for
org.jenkins-ci.plugins:soapui-pro-functional-testing
(Maven)
Jul 9, 2025
Jenkins QMetry Test Management Plugin vulnerability exposes API keys
Moderate
CVE-2025-53660
was published
for
org.jenkins-ci.plugins:qmetry-test-management
(Maven)
Jul 9, 2025
Jenkins Apica Loadtest Plugin vulnerability exposes authentication tokens
Moderate
CVE-2025-53664
was published
for
com.apica:ApicaLoadtest
(Maven)
Jul 9, 2025
Jenkins Apica Loadtest Plugin vulnerability exposes authentication tokens
Moderate
CVE-2025-53665
was published
for
com.apica:ApicaLoadtest
(Maven)
Jul 9, 2025
ProTip!
Advisories are also available from the
GraphQL API