GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
255 advisories
Filter by severity
DingTalk Plugin stores credentials in plain text
Low
CVE-2019-10433
was published
for
io.jenkins.plugins:dingding-notifications
(Maven)
May 24, 2022
Cleartext Storage of Sensitive Information in Jenkins ElasticBox CI Plugin
Low
CVE-2019-10450
was published
for
com.elasticbox.jenkins-ci.plugins:elasticbox
(Maven)
May 24, 2022
Jenkins QMetry for JIRA Plugin shows plain text password in configuration form
Low
CVE-2019-16545
was published
for
org.jenkins-ci.plugins:qmetry-for-jira-test-management
(Maven)
May 24, 2022
Plaintext Storage in Jenkins Spira Importer Plugin
Low
CVE-2019-16543
was published
for
com.inflectra.spiratest.plugins:inflectra-spira-integration
(Maven)
May 24, 2022
Jenkins Weibo Plugin stores credentials unencrypted in its global configuration file
Low
CVE-2019-16572
was published
for
org.jenkins-ci.plugins:weibo
(Maven)
May 24, 2022
CSRF vulnerability in Jenkins Amazon EC2 Plugin
Low
CVE-2020-2090
was published
for
org.jenkins-ci.plugins:ec2
(Maven)
May 24, 2022
Jenkins REST APIs vulnerable to clickjacking
Low
CVE-2020-2105
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Client secret transmitted in plain text by Azure AD Plugin
Low
CVE-2020-2119
was published
for
org.jenkins-ci.plugins:azure-ad
(Maven)
May 24, 2022
Jenkins S3 Publisher Plugin transmits credentials in plain text during configuration
Low
CVE-2020-2114
was published
for
org.jenkins-ci.plugins:s3
(Maven)
May 24, 2022
Token stored in plain text by DigitalOcean Plugin
Low
CVE-2020-2126
was published
for
com.dubture.jenkins:digitalocean-plugin
(Maven)
May 24, 2022
Credential stored in plain text by BMC Release Package and Deployment Plugin
Low
CVE-2020-2127
was published
for
RPD:bmc-rpd
(Maven)
May 24, 2022
Credentials stored in plain text by debian-package-builder Plugin
Low
CVE-2020-2125
was published
for
ru.yandex.jenkins.plugins.debuilder:debian-package-builder
(Maven)
May 24, 2022
Credentials stored in plain text by Zephyr Enterprise Test Management Plugin
Low
CVE-2020-2145
was published
for
org.jenkins-ci.plugins:zephyr-enterprise-test-management
(Maven)
May 24, 2022
Jenkins Quality Gates Plugin transmits credentials in plain text during configuration
Low
CVE-2020-2151
was published
for
org.jenkins-ci.plugins:quality-gates
(Maven)
May 24, 2022
Jenkins Sonar Quality Gates Plugin transmits credentials in plain text during configuration
Low
CVE-2020-2150
was published
for
org.jenkins-ci.plugins:sonar-quality-gates
(Maven)
May 24, 2022
Credentials transmitted in plain text by Repository Connector Plugin
Low
CVE-2020-2149
was published
for
org.jenkins-ci.plugins:repository-connector
(Maven)
May 24, 2022
Credentials transmitted in plain text by Jenkins Logstash Plugin
Low
CVE-2020-2143
was published
for
org.jenkins-ci.plugins:logstash
(Maven)
May 24, 2022
Jenkins Zephyr for JIRA Test Management Plugin stores credentials in plain text
Low
CVE-2020-2154
was published
for
org.jenkins-ci.plugins:zephyr-for-jira-test-management
(Maven)
May 24, 2022
Credentials transmitted in plain text by Backlog Plugin
Low
CVE-2020-2153
was published
for
org.jenkins-ci.plugins:backlog
(Maven)
May 24, 2022
Credentials transmitted in plain text by Jenkins DeployHub Plugin
Low
CVE-2020-2156
was published
for
com.openmake:deployhub
(Maven)
May 24, 2022
Credentials transmitted in plain text by OpenShift Deployer Plugin
Low
CVE-2020-2155
was published
for
org.jenkins-ci.plugins:openshift-deployer
(Maven)
May 24, 2022
Credentials transmitted in plain text by Skytap Cloud CI Plugin
Low
CVE-2020-2157
was published
for
org.jenkins-ci.plugins:skytap
(Maven)
May 24, 2022
Passwords stored in plain text by Jenkins Artifactory Plugin
Low
CVE-2020-2164
was published
for
org.jenkins-ci.plugins:artifactory
(Maven)
May 24, 2022
Passwords transmitted in plain text by Jenkins Artifactory Plugin
Low
CVE-2020-2165
was published
for
org.jenkins-ci.plugins:artifactory
(Maven)
May 24, 2022
Improper masking of some secrets in Jenkins Credentials Binding Plugin
Low
CVE-2020-2182
was published
for
org.jenkins-ci.plugins:credentials-binding
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API