GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
256 advisories
Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials in plain text
Low • CVE-2019-1003052 was published for org.jenkins-ci.plugins:aws-beanstalk-publisher-plugin (Maven) • May 13, 2022

Jenkins OWASP ZAP Plugin stores unencrypted credentials
Low • CVE-2019-1003060 was published for org.jenkins-ci.plugins:zap (Maven) • May 13, 2022

Jenkins Octopus Deploy Plugin stores credentials in plain text
Low • CVE-2019-1003071 was published for hudson.plugins.octopusdeploy:octopusdeploy (Maven) • May 13, 2022

Jenkins Aqua Security Scanner Plugin stores credentials in plain text
Low • CVE-2019-1003069 was published for org.jenkins-ci.plugins:aqua-security-scanner (Maven) • May 13, 2022

Jenkins Repository Connector Plugin has insufficiently protected credentials
Low • CVE-2019-1003038 was published for org.jenkins-ci.plugins:repository-connector (Maven) • May 13, 2022

Apache Tomcat XSS In Accept-Language Headers
Low • CVE-2007-1358 was published for org.apache.tomcat:tomcat (Maven) • May 1, 2022

Apache Tomcat AJP Connector Information Leak
Low • CVE-2005-3164 was published for org.apache.tomcat:tomcat (Maven) • May 1, 2022

Temporary File Information Disclosure vulnerability in MPXJ
Low • CVE-2022-41954 was published for mpxj (Maven) • Nov 28, 2022

Eclipse Jetty XmlParser allows arbitrary DOCTYPE declarations
Low • GHSA-58qw-p7qm-5rvh was published for org.eclipse.jetty:jetty-xml (Maven) • Jul 10, 2023

Path traversal in org.postgresql:postgresql
Low • CVE-2022-26520 was published for org.postgresql:postgresql (Maven) • Mar 11, 2022

RabbitMQ password stored in plain text by Jenkins CollabNet Plugins Plugin
Low • CVE-2022-38665 was published for org.jenkins-ci.plugins:collabnet (Maven) • Aug 24, 2022

Plaintext Storage of a Password in Jenkins Elasticsearch Query Plugin
Low • CVE-2022-34807 was published for org.jenkins-ci.plugins:elasticsearch-query (Maven) • Jul 1, 2022

API token stored in plain text by Jenkins CONS3RT Plugin
Low • CVE-2022-41255 was published for org.jenkins-ci.plugins:cons3rt (Maven) • Sep 22, 2022

Jenkins WSO2 Oauth Plugin stores WSO2 Oauth client secret unencrypted in global config.xml file on Jenkins controller
Low • CVE-2023-30527 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven) • Apr 12, 2023

Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm
Low • CVE-2023-29203 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) • Apr 12, 2023

Jenkins WSO2 Oauth Plugin does not mask the WSO2 Oauth client secret on the global configuration form
Low • CVE-2023-30528 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven) • Apr 12, 2023

Duplicate Advisory: Denial of Service due to parser crash
Low • GHSA-3mq5-fq9h-gj7j was published for com.thoughtworks.xstream:xstream (Maven) • Sep 17, 2022 • withdrawn

Jenkins elOyente Plugin has Insufficiently Protected Credentials
Low • CVE-2019-10424 was published for com.technicolor:elOyente (Maven) • May 24, 2022

Jenkins CodeScan Plugin has Insufficiently Protected Credentials
Low • CVE-2019-10423 was published for com.villagechief.codescan.jenkins:codescan (Maven) • May 24, 2022

Jenkins Assembla Plugin has Insufficiently Protected Credentials
Low • CVE-2019-10420 was published for org.jenkins-ci.plugins:assembla (Maven) • May 24, 2022

Jenkins vFabric Application Director Plugin Insufficiently Protected Credentials
Low • CVE-2019-10419 was published for org.jenkins-ci.plugins:application-director-plugin (Maven) • May 24, 2022

Agent-to-controller security bypass in Jenkins HashiCorp Vault Plugin
Low • CVE-2022-25186 was published for com.datapipe.jenkins.plugins:hashicorp-vault-plugin (Maven) • Feb 16, 2022

Improper Synchronization in Jenkins Convertigo Mobile Platform Plugin
Low • CVE-2022-25210 was published for com.convertigo.jenkins.plugins:convertigo-mobile-platform (Maven) • Feb 16, 2022

Insecure temporary file usage in Jenkins Git Client Plugin
Low • CVE-2017-1000242 was published for org.jenkins-ci.plugins:git-client (Maven) • May 17, 2022

Client Secret stored in plain text by Jenkins GitLab Authentication Plugin
Low • CVE-2022-27206 was published for org.jenkins-ci.plugins:gitlab-oauth (Maven) • Mar 16, 2022
ProTip! Advisories are also available from the GraphQL API