GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
42 advisories
Filter by severity
Missing encryption in Apache Directory Studio
High
CVE-2021-33900
was published
for
org.apache.directory.studio:org.apache.directory.studio.parent
(Maven)
Aug 9, 2021
Missing Encryption of Sensitive Data in arrow-kt Arrow
Moderate
CVE-2019-11404
was published
for
io.arrow-kt:arrow-ank-gradle
(Maven)
Apr 22, 2019
Missing Encryption of Sensitive Data in Apache Guacamole
High
CVE-2018-1340
was published
for
org.apache.guacamole:guacamole-common
(Maven)
May 13, 2022
Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows decrypting secrets
Moderate
CVE-2022-23116
was published
for
org.conjur.jenkins:conjur-credentials
(Maven)
Jan 13, 2022
OpenAPI Tools OpenAPI Generator uses HTTP in various files
High
CVE-2019-11405
was published
for
org.openapitools:openapi-generator
(Maven)
May 24, 2022
Client Secret stored in plain text by Jenkins GitLab Authentication Plugin
Low
CVE-2022-27206
was published
for
org.jenkins-ci.plugins:gitlab-oauth
(Maven)
Mar 16, 2022
Jenkins Aqua Security Scanner Plugin stores credentials in plain text
Low
CVE-2019-1003069
was published
for
org.jenkins-ci.plugins:aqua-security-scanner
(Maven)
May 13, 2022
Jenkins Octopus Deploy Plugin stores credentials in plain text
Low
CVE-2019-1003071
was published
for
hudson.plugins.octopusdeploy:octopusdeploy
(Maven)
May 13, 2022
Jenkins OWASP ZAP Plugin stores unencrypted credentials
Low
CVE-2019-1003060
was published
for
org.jenkins-ci.plugins:zap
(Maven)
May 13, 2022
Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials in plain text
Low
CVE-2019-1003052
was published
for
org.jenkins-ci.plugins:aws-beanstalk-publisher-plugin
(Maven)
May 13, 2022
Jenkins IRC Plugin stores credentials in plain text
Low
CVE-2019-1003051
was published
for
org.jvnet.hudson.plugins:ircbot
(Maven)
May 13, 2022
Jenkins Amazon SNS Build Notifier Plugin stores credentials in plain text
Low
CVE-2019-1003063
was published
for
org.jenkins-ci.plugins:snsnotify
(Maven)
May 13, 2022
Jenkins WebSphere Deployer Plugin stores credentials in plain text
Moderate
CVE-2019-1003056
was published
for
org.jenkins-ci.plugins:websphere-deployer
(Maven)
May 13, 2022
Jenkins Jira Issue Updater Plugin stores credentials in plain text
Moderate
CVE-2019-1003054
was published
for
info.bluefloyd.jenkins:jenkins-jira-issue-updater
(Maven)
May 13, 2022
Jenkins VMware vRealize Automation Plugin Missing Encryption of Sensitive Data
Moderate
CVE-2019-1003068
was published
for
com.inkysea.vmware.vra:vmware-vrealize-automation-plugin
(Maven)
May 13, 2022
Jenkins CloudShare Docker-Machine Plugin stores credentials in plain text
Low
CVE-2019-1003065
was published
for
org.jenkins-ci.plugins:cloudshare-docker
(Maven)
May 13, 2022
Jenkins FTP publisher Plugin stores credentials in plain text
Low
CVE-2019-1003055
was published
for
org.jvnet.hudson.plugins:ftppublisher
(Maven)
May 13, 2022
Jenkins Bitbucket Approve Plugin stores credentials in plain text
Low
CVE-2019-1003057
was published
for
org.jenkins-ci.plugins:bitbucket-approve
(Maven)
May 13, 2022
Jenkins Trac Publisher Plugin stores credentials in plain text
Moderate
CVE-2019-1003067
was published
for
org.jenkins-ci.plugins:trac-publisher-plugin
(Maven)
May 13, 2022
Jenkins Bugzilla Plugin stores credentials in plain text
Low
CVE-2019-1003066
was published
for
org.jvnet.hudson.plugins:bugzilla
(Maven)
May 13, 2022
Jenkins AWS CloudWatch Logs Publisher Plugin stores credentials in plain text
Low
CVE-2019-1003062
was published
for
org.jenkins-ci.plugins:aws-cloudwatch-logs-publisher
(Maven)
May 13, 2022
Jenkins aws-device-farm Plugin stores credentials in plain text
Low
CVE-2019-1003064
was published
for
org.jenkins-ci.plugins:aws-device-farm
(Maven)
May 13, 2022
Jenkins veracode-scanner Plugin stores credentials in plain text
Low
CVE-2019-1003070
was published
for
org.jenkins-ci.plugins:veracode-scanner
(Maven)
May 13, 2022
Jenkins Audit to Database Plugin stores credentials in plain text
Low
CVE-2019-1003075
was published
for
org.jenkins-ci.plugins:audit2db
(Maven)
May 13, 2022
Jenkins wildFly Deployer Plugin stores credentials in plain text
Moderate
CVE-2019-1003072
was published
for
org.jenkins-ci.plugins:wildfly-deployer
(Maven)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API