GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
255 advisories
Filter by severity
Jenkins Weibo Plugin stores credentials unencrypted in its global configuration file
Low
CVE-2019-16572
was published
for
org.jenkins-ci.plugins:weibo
(Maven)
May 24, 2022
Squash TM Publisher (Squash4Jenkins) Plugin stores passwords stored in plain text
Low
CVE-2022-34213
was published
for
org.jenkins-ci.plugins:squashtm-publisher
(Maven)
Jun 24, 2022
Password stored in plain text by Jenkins AppSpider Plugin
Low
CVE-2020-2314
was published
for
com.rapid7:jenkinsci-appspider-plugin
(Maven)
May 24, 2022
Password stored in plain text by Jenkins VMware Lab Manager Slaves Plugin
Low
CVE-2020-2319
was published
for
org.jenkins-ci.plugins:labmanager
(Maven)
May 24, 2022
Credentials transmitted in plain text by Repository Connector Plugin
Low
CVE-2020-2149
was published
for
org.jenkins-ci.plugins:repository-connector
(Maven)
May 24, 2022
Credentials transmitted in plain text by OpenShift Deployer Plugin
Low
CVE-2020-2155
was published
for
org.jenkins-ci.plugins:openshift-deployer
(Maven)
May 24, 2022
Plaintext Storage in Jenkins Spira Importer Plugin
Low
CVE-2019-16543
was published
for
com.inflectra.spiratest.plugins:inflectra-spira-integration
(Maven)
May 24, 2022
Jenkins Sonar Quality Gates Plugin transmits credentials in plain text during configuration
Low
CVE-2020-2150
was published
for
org.jenkins-ci.plugins:sonar-quality-gates
(Maven)
May 24, 2022
Cleartext Storage of Sensitive Information in Jenkins ElasticBox CI Plugin
Low
CVE-2019-10450
was published
for
com.elasticbox.jenkins-ci.plugins:elasticbox
(Maven)
May 24, 2022
Use of a weak cryptographic algorithm in Gradle
Low
CVE-2019-16370
was published
for
org.gradle:gradle-core
(Maven)
May 24, 2022
Jenkins Quality Gates Plugin transmits credentials in plain text during configuration
Low
CVE-2020-2151
was published
for
org.jenkins-ci.plugins:quality-gates
(Maven)
May 24, 2022
Exposure of Sensitive Information in Jenkins Datadog plugin
Low
CVE-2017-1000114
was published
for
org.datadog.jenkins.plugins:datadog
(Maven)
May 17, 2022
OIDC Logout redirect in keycloak
Low
CVE-2020-10734
was published
for
org.keycloak:keycloak-oidc-client-adapter-pom
(Maven)
Apr 28, 2022
Privilege Context Switching Error in Elasticsearch
Low
CVE-2020-7020
was published
for
org.elasticsearch:elasticsearch
(Maven)
Mar 18, 2021
Jetty invalid URI parsing may produce invalid HttpURI.authority
Low
CVE-2022-2047
was published
for
org.eclipse.jetty:jetty-http
(Maven)
Jul 7, 2022
Potential sensitive data exposure in applications using Vaadin 15
Low
CVE-2020-36319
was published
for
com.vaadin:flow-server
(Maven)
Apr 19, 2021
hutool-json vulnerable to memory exhaustion
Low
CVE-2022-45689
was published
for
cn.hutool:hutool-json
(Maven)
Dec 13, 2022
JBossWS vulnerable to uncontrolled recursion
Low
CVE-2011-1483
was published
for
org.jboss.ws:jbossws-common
(Maven)
May 13, 2022
Nimbus JOSE+JWT vulnerable to padding oracle attack
Low
CVE-2017-12973
was published
for
com.nimbusds:nimbus-jose-jwt
(Maven)
May 13, 2022
Credentials transmitted in plain text by Skytap Cloud CI Plugin
Low
CVE-2020-2157
was published
for
org.jenkins-ci.plugins:skytap
(Maven)
May 24, 2022
Credentials transmitted in plain text by Jenkins DeployHub Plugin
Low
CVE-2020-2156
was published
for
com.openmake:deployhub
(Maven)
May 24, 2022
Passwords transmitted in plain text by Jenkins Stash Branch Parameter Plugin
Low
CVE-2020-2210
was published
for
org.jenkins-ci.plugins:StashBranchParameter
(Maven)
May 24, 2022
Jenkins GitHub Pull Request Builder Plugin
Low
CVE-2018-1000143
was published
for
org.jenkins-ci.plugins:ghprb
(Maven)
May 14, 2022
Jenkins Reverse Proxy Auth Plugin allows attackers with local file system access to obtain a list of authorities for logged in users
Low
CVE-2018-1000150
was published
for
org.jenkins-ci.plugins:reverse-proxy-auth-plugin
(Maven)
May 14, 2022
Path traversal in Jenkins Mercurial Plugin
Low
CVE-2022-30948
was published
for
org.jenkins-ci.plugins:mercurial
(Maven)
May 18, 2022
ProTip!
Advisories are also available from the
GraphQL API