GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,967
Erlang
29
GitHub Actions
16
Go
1,748
Maven
4,978
npm
3,509
NuGet
609
pip
3,073
Pub
10
RubyGems
832
Rust
781
Swift
34
Unreviewed advisories
All unreviewed
5,000+
255 advisories
Filter by severity
Jenkins aws-device-farm Plugin stores credentials in plain text
Low
CVE-2019-1003064
was published
for
org.jenkins-ci.plugins:aws-device-farm
(Maven)
May 13, 2022
Jenkins veracode-scanner Plugin stores credentials in plain text
Low
CVE-2019-1003070
was published
for
org.jenkins-ci.plugins:veracode-scanner
(Maven)
May 13, 2022
Jenkins FTP publisher Plugin stores credentials in plain text
Low
CVE-2019-1003055
was published
for
org.jvnet.hudson.plugins:ftppublisher
(Maven)
May 13, 2022
Jenkins Aqua Security Scanner Plugin stores credentials in plain text
Low
CVE-2019-1003069
was published
for
org.jenkins-ci.plugins:aqua-security-scanner
(Maven)
May 13, 2022
Jenkins Amazon SNS Build Notifier Plugin stores credentials in plain text
Low
CVE-2019-1003063
was published
for
org.jenkins-ci.plugins:snsnotify
(Maven)
May 13, 2022
Jenkins Bitbucket Approve Plugin stores credentials in plain text
Low
CVE-2019-1003057
was published
for
org.jenkins-ci.plugins:bitbucket-approve
(Maven)
May 13, 2022
Jenkins OWASP ZAP Plugin stores unencrypted credentials
Low
CVE-2019-1003060
was published
for
org.jenkins-ci.plugins:zap
(Maven)
May 13, 2022
Jenkins IRC Plugin stores credentials in plain text
Low
CVE-2019-1003051
was published
for
org.jvnet.hudson.plugins:ircbot
(Maven)
May 13, 2022
Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials in plain text
Low
CVE-2019-1003052
was published
for
org.jenkins-ci.plugins:aws-beanstalk-publisher-plugin
(Maven)
May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins-mailer-plugin
Low
CVE-2017-2651
was published
for
org.jenkins-ci.plugins:mailer
(Maven)
May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
Low
CVE-2017-2603
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
JBossWS vulnerable to uncontrolled recursion
Low
CVE-2011-1483
was published
for
org.jboss.ws:jbossws-common
(Maven)
May 13, 2022
Nimbus JOSE+JWT vulnerable to padding oracle attack
Low
CVE-2017-12973
was published
for
com.nimbusds:nimbus-jose-jwt
(Maven)
May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Oracle MySQL Connectors Java
Low
CVE-2017-3589
was published
for
mysql:mysql-connector-java
(Maven)
May 13, 2022
Jenkins Coverity Plugin has Insufficiently Protected Credentials
Low
CVE-2018-1000104
was published
for
org.jenkins-ci.plugins:coverity
(Maven)
May 13, 2022
Jenkins z/OS Connector Plugin allows local attacker to retrieve configured password
Low
CVE-2018-1000608
was published
for
org.jenkins-ci.plugins:zos-connector
(Maven)
May 13, 2022
Jenkins SSH Agent Plugin exposes SSH private key password to users with permission to read the build log
Low
CVE-2018-1999036
was published
for
org.jenkins-ci.plugins:ssh-agent
(Maven)
May 13, 2022
Improper Input Validation in Jenkins
Low
CVE-2017-1000401
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
Low
CVE-2010-3718
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in JBoss Fuse
Low
CVE-2014-0085
was published
for
org.jboss.fuse:jboss-fuse
(Maven)
May 14, 2022
Jenkins Resource Disposer Plugin allows attacker to stop tracking specified resource
Low
CVE-2018-1999037
was published
for
org.jenkins-ci.plugins:resource-disposer
(Maven)
May 14, 2022
Jenkins meliora-testlab Plugin allows attackers with file system access to Jenkins master to obtain API key
Low
CVE-2018-1999031
was published
for
org.jenkins-ci.plugins:meliora-testlab
(Maven)
May 14, 2022
Jenkins GitHub Pull Request Builder Plugin
Low
CVE-2018-1000143
was published
for
org.jenkins-ci.plugins:ghprb
(Maven)
May 14, 2022
Jenkins Reverse Proxy Auth Plugin allows attackers with local file system access to obtain a list of authorities for logged in users
Low
CVE-2018-1000150
was published
for
org.jenkins-ci.plugins:reverse-proxy-auth-plugin
(Maven)
May 14, 2022
Insecure temporary file usage in Jenkins Git Client Plugin
Low
CVE-2017-1000242
was published
for
org.jenkins-ci.plugins:git-client
(Maven)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API