GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,324
Erlang
31
GitHub Actions
21
Go
2,087
Maven
5,000+
npm
3,751
NuGet
674
pip
3,437
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+
227 advisories
Filter by severity
rpc.py vulnerable to Deserialization of Untrusted Data
Critical
CVE-2022-35411
was published
for
rpc.py
(pip)
Jul 9, 2022
Plaintext Storage of a Password in Jenkins Elasticsearch Query Plugin
Low
CVE-2022-34807
was published
for
org.jenkins-ci.plugins:elasticsearch-query
(Maven)
Jul 1, 2022
Plaintext Storage of a Password in Jenkins Jigomerge Plugin
Low
CVE-2022-34806
was published
for
org.jenkins-ci.plugins:jigomerge
(Maven)
Jul 1, 2022
Password stored in plain text by Jenkins RQM Plugin
Low
CVE-2022-34809
was published
for
net.praqma:rqm-plugin
(Maven)
Jul 1, 2022
Plaintext Storage of a Password in Jenkins Skype notifier Plugin
Low
CVE-2022-34805
was published
for
org.jenkins-ci.plugins:skype-notifier
(Maven)
Jul 1, 2022
Jenkins OpsGenie Plugin Plaintext Storage of a Password vulnerability
Moderate
CVE-2022-34803
was published
for
org.jenkins-ci.plugins:opsgenie
(Maven)
Jul 1, 2022
Token stored in plain text by Jenkins Cisco Spark Plugin
Low
CVE-2022-34808
was published
for
org.jenkins-ci.plugins:cisco-spark
(Maven)
Jul 1, 2022
Passwords stored in plain text by Jenkins hpe-network-virtualization plugin
Low
CVE-2022-34816
was published
for
org.jenkins-ci.plugins:hpe-network-virtualization
(Maven)
Jul 1, 2022
Plaintext Storage of a Password in Jenkins Deployment Dashboard Plugin
Low
CVE-2022-34799
was published
for
org.jenkins-ci.plugins:ec2-deployment-dashboard
(Maven)
Jul 1, 2022
Plaintext Storage of a Password in Jenkins RocketChat Notifier Plugin
Low
CVE-2022-34802
was published
for
org.jenkins-ci.plugins:rocketchatnotifier
(Maven)
Jul 1, 2022
Jenkins Deployment Dashboard Plugin has Insufficiently Protected Credentials
Moderate
CVE-2022-34796
was published
for
org.jenkins-ci.plugins:ec2-deployment-dashboard
(Maven)
Jul 1, 2022
Plaintext Storage of a Password in Jenkins Build Notifications Plugin
Low
CVE-2022-34800
was published
for
tools.devnull:build-notifications
(Maven)
Jul 1, 2022
Squash TM Publisher (Squash4Jenkins) Plugin stores passwords stored in plain text
Low
CVE-2022-34213
was published
for
org.jenkins-ci.plugins:squashtm-publisher
(Maven)
Jun 24, 2022
Plaintext Storage of a Password in Jenkins Convertigo Mobile Platform Plugin
Moderate
CVE-2022-34199
was published
for
com.convertigo.jenkins.plugins:convertigo-mobile-platform
(Maven)
Jun 24, 2022
Insufficiently Protected Credentials via Insecure Temporary File in org.apache.nifi:nifi-single-user-utils
Moderate
CVE-2022-26850
was published
for
org.apache.nifi:nifi-single-user-utils
(Maven)
Jun 20, 2022
Insufficiently Protected Credentials in PowerJob
High
CVE-2020-28865
was published
for
com.github.kfcfans:powerjob
(Maven)
Jun 17, 2022
Mechanize before v2.8.5 vulnerable to authorization header leak on port redirect
Moderate
CVE-2022-31033
was published
for
mechanize
(RubyGems)
Jun 9, 2022
Ansible Exposes Sensitive Information
High
CVE-2021-20228
was published
for
ansible
(pip)
May 25, 2022
Jenkins Gem Publisher Plugin stores credentials as plaintext
Moderate
CVE-2019-10426
was published
for
net.arangamani.jenkins:gem-publisher
(Maven)
May 24, 2022
Jenkins GitLab Logo Plugin stores credentials unencrypted
Moderate
CVE-2019-10429
was published
for
org.jenkins-ci.plugins:gitlab-logo
(Maven)
May 24, 2022
Plaintext password storage in Jenkins InfluxDB Plugin
High
CVE-2019-10329
was published
for
org.jenkins-ci.plugins:influxdb
(Maven)
May 24, 2022
Apache Superset allowed for database connections password leak for authenticated users
High
CVE-2021-41972
was published
for
apache-superset
(pip)
May 24, 2022
Password stored in plain text by Jenkins Nomad Plugin
Moderate
CVE-2021-21681
was published
for
org.jenkins-ci.plugins:nomad
(Maven)
May 24, 2022
Passwords stored in plain text by Jenkins Jabber (XMPP) notifier and control Plugin
Moderate
CVE-2021-21634
was published
for
org.jvnet.hudson.plugins:jabber
(Maven)
May 24, 2022
SaltStack Salt Cleartext Storage of Sensitive Information via cmdmod
Moderate
CVE-2021-25284
was published
for
salt
(pip)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API