GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+
253 advisories
Filter by severity
ActiveMQ's OpenWire protocol exposes certain system details as plain text
Low
CVE-2017-15709
was published
for
org.apache.activemq:activemq-openwire-generator
(Maven)
May 13, 2022
CSRF vulnerability in Amazon EC2 Plugin
Low
CVE-2020-2186
was published
for
org.jenkins-ci.plugins:ec2
(Maven)
May 24, 2022
Jenkins Resource Disposer Plugin allows attacker to stop tracking specified resource
Low
CVE-2018-1999037
was published
for
org.jenkins-ci.plugins:resource-disposer
(Maven)
May 14, 2022
Token stored in plain text by DigitalOcean Plugin
Low
CVE-2020-2126
was published
for
com.dubture.jenkins:digitalocean-plugin
(Maven)
May 24, 2022
Jenkins Coverity Plugin has Insufficiently Protected Credentials
Low
CVE-2018-1000104
was published
for
org.jenkins-ci.plugins:coverity
(Maven)
May 13, 2022
Jenkins meliora-testlab Plugin allows attackers with file system access to Jenkins master to obtain API key
Low
CVE-2018-1999031
was published
for
org.jenkins-ci.plugins:meliora-testlab
(Maven)
May 14, 2022
Jenkins SSH Agent Plugin exposes SSH private key password to users with permission to read the build log
Low
CVE-2018-1999036
was published
for
org.jenkins-ci.plugins:ssh-agent
(Maven)
May 13, 2022
Support bundles can include user session IDs in Jenkins Support Core Plugin
Low
CVE-2021-21621
was published
for
org.jenkins-ci.plugins:support-core
(Maven)
May 24, 2022
Path traversal in Jenkins REPO Plugin
Low
CVE-2022-30949
was published
for
org.jenkins-ci.plugins:git
(Maven)
May 18, 2022
DingTalk Plugin stores credentials in plain text
Low
CVE-2019-10433
was published
for
io.jenkins.plugins:dingding-notifications
(Maven)
May 24, 2022
Jenkins Email Extension Plugin SMTP password transmitted and displayed in plain text
Low
CVE-2020-2232
was published
for
org.jenkins-ci.plugins:email-ext
(Maven)
May 24, 2022
Credentials transmitted in plain text by Jenkins Logstash Plugin
Low
CVE-2020-2143
was published
for
org.jenkins-ci.plugins:logstash
(Maven)
May 24, 2022
Broken access control in Silverpeas
Low
CVE-2023-47320
was published
for
org.silverpeas.core:silverpeas-core-war
(Maven)
Dec 13, 2023
Credentials transmitted in plain text by Backlog Plugin
Low
CVE-2020-2153
was published
for
org.jenkins-ci.plugins:backlog
(Maven)
May 24, 2022
Jenkins REST APIs vulnerable to clickjacking
Low
CVE-2020-2105
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
CSRF vulnerability in Jenkins Amazon EC2 Plugin
Low
CVE-2020-2090
was published
for
org.jenkins-ci.plugins:ec2
(Maven)
May 24, 2022
Jenkins Inedo ProGet Plugin Plugin has Cleartext Transmission of Sensitive Information
Low
CVE-2019-10412
was published
for
com.inedo.proget:inedo-proget
(Maven)
May 24, 2022
Jenkins Maven Release Plug-in Plugin stored credentials in plain text
Low
CVE-2019-10361
was published
for
org.jenkins-ci.plugins.m2release:m2release
(Maven)
May 24, 2022
Secret stored in plain text by Jenkins Parameterized Remote Trigger Plugin
Low
CVE-2020-2239
was published
for
org.jenkins-ci.plugins:Parameterized-Remote-Trigger
(Maven)
May 24, 2022
Improper masking of some secrets in Jenkins Credentials Binding Plugin
Low
CVE-2020-2182
was published
for
org.jenkins-ci.plugins:credentials-binding
(Maven)
May 24, 2022
Sensitive parameter values captured in build metadata files by Jenkins Parameterized Trigger Plugin
Low
CVE-2022-27195
was published
for
org.jenkins-ci.plugins:parameterized-trigger
(Maven)
Mar 16, 2022
Jenkins Azure AD Plugin stored the client secret unencrypted
Low
CVE-2019-10318
was published
for
org.jenkins-ci.plugins:azure-ad
(Maven)
May 24, 2022
Keycloak vulnerable to LDAP Injection on UsernameForm Login
Low
CVE-2022-2232
was published
for
org.keycloak:keycloak-ldap-federation
(Maven)
Nov 29, 2023
Apache Storm Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files
Low
CVE-2023-43123
was published
for
org.apache.storm:storm-core
(Maven)
Nov 23, 2023
Passwords stored in plain text by Jenkins hpe-network-virtualization plugin
Low
CVE-2022-34816
was published
for
org.jenkins-ci.plugins:hpe-network-virtualization
(Maven)
Jul 1, 2022
ProTip!
Advisories are also available from the
GraphQL API