GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
265 advisories
Filter by severity
Apache Tika contains incomplete fix for regex DoS
Low
CVE-2022-33879
was published
for
org.apache.tika:tika
(Maven)
Jun 28, 2022
Squash TM Publisher (Squash4Jenkins) Plugin stores passwords stored in plain text
Low
CVE-2022-34213
was published
for
org.jenkins-ci.plugins:squashtm-publisher
(Maven)
Jun 24, 2022
User passwords stored in plain text by Jenkins EasyQA Plugin
Low
CVE-2022-34202
was published
for
com.geteasyqa:easyqa
(Maven)
Jun 24, 2022
Path Traversal in XWiki Platform
Low
CVE-2022-29253
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Jun 1, 2022
Support bundles can include user session IDs in Jenkins Support Core Plugin
Low
CVE-2021-21621
was published
for
org.jenkins-ci.plugins:support-core
(Maven)
May 24, 2022
Information leak in Gerrit
Low
CVE-2020-8920
was published
for
com.google.gerrit:gerrit-plugin-api
(Maven)
May 24, 2022
Password stored in plain text by Jenkins VMware Lab Manager Slaves Plugin
Low
CVE-2020-2319
was published
for
org.jenkins-ci.plugins:labmanager
(Maven)
May 24, 2022
Password stored in plain text by Jenkins AppSpider Plugin
Low
CVE-2020-2314
was published
for
com.rapid7:jenkinsci-appspider-plugin
(Maven)
May 24, 2022
Access token stored in plain text by Jenkins SMS Notification Plugin
Low
CVE-2020-2297
was published
for
com.hoiio.jenkins:sms
(Maven)
May 24, 2022
Password stored in plain text by Jenkins couchdb-statistics Plugin
Low
CVE-2020-2291
was published
for
org.jenkins-ci.plugins:couchdb-statistics
(Maven)
May 24, 2022
Credentials stored in plain text by Jenkins tfs Plugin
Low
CVE-2020-2249
was published
for
org.jenkins-ci.plugins:tfs
(Maven)
May 24, 2022
Secret stored in plain text by Jenkins Parameterized Remote Trigger Plugin
Low
CVE-2020-2239
was published
for
org.jenkins-ci.plugins:Parameterized-Remote-Trigger
(Maven)
May 24, 2022
Jenkins Email Extension Plugin SMTP password transmitted and displayed in plain text
Low
CVE-2020-2232
was published
for
org.jenkins-ci.plugins:email-ext
(Maven)
May 24, 2022
Password stored in plain text by Jenkins HP ALM Quality Center Plugin
Low
CVE-2020-2218
was published
for
org.jenkins-ci.plugins:hp-quality-center
(Maven)
May 24, 2022
Passwords transmitted in plain text by Jenkins Stash Branch Parameter Plugin
Low
CVE-2020-2210
was published
for
org.jenkins-ci.plugins:StashBranchParameter
(Maven)
May 24, 2022
CSRF vulnerability in Amazon EC2 Plugin
Low
CVE-2020-2186
was published
for
org.jenkins-ci.plugins:ec2
(Maven)
May 24, 2022
Improper masking of some secrets in Jenkins Credentials Binding Plugin
Low
CVE-2020-2182
was published
for
org.jenkins-ci.plugins:credentials-binding
(Maven)
May 24, 2022
Passwords stored in plain text by Jenkins Artifactory Plugin
Low
CVE-2020-2164
was published
for
org.jenkins-ci.plugins:artifactory
(Maven)
May 24, 2022
Passwords transmitted in plain text by Jenkins Artifactory Plugin
Low
CVE-2020-2165
was published
for
org.jenkins-ci.plugins:artifactory
(Maven)
May 24, 2022
Credentials transmitted in plain text by Skytap Cloud CI Plugin
Low
CVE-2020-2157
was published
for
org.jenkins-ci.plugins:skytap
(Maven)
May 24, 2022
Credentials transmitted in plain text by Jenkins DeployHub Plugin
Low
CVE-2020-2156
was published
for
com.openmake:deployhub
(Maven)
May 24, 2022
Credentials transmitted in plain text by Backlog Plugin
Low
CVE-2020-2153
was published
for
org.jenkins-ci.plugins:backlog
(Maven)
May 24, 2022
Credentials transmitted in plain text by OpenShift Deployer Plugin
Low
CVE-2020-2155
was published
for
org.jenkins-ci.plugins:openshift-deployer
(Maven)
May 24, 2022
Jenkins Zephyr for JIRA Test Management Plugin stores credentials in plain text
Low
CVE-2020-2154
was published
for
org.jenkins-ci.plugins:zephyr-for-jira-test-management
(Maven)
May 24, 2022
Jenkins Sonar Quality Gates Plugin transmits credentials in plain text during configuration
Low
CVE-2020-2150
was published
for
org.jenkins-ci.plugins:sonar-quality-gates
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API