GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
34 advisories
Filter by severity
Snowflake JDBC Security Advisory
Moderate
CVE-2024-43382
was published
for
net.snowflake:snowflake-jdbc
(Maven)
Oct 30, 2024
Elasticsearch stores private key on disk unencrypted
Moderate
CVE-2024-23444
was published
for
org.elasticsearch:elasticsearch
(Maven)
Jul 31, 2024
silverstripe/framework users inadvertently passing sensitive data to LoginAttempt
Moderate
GHSA-ph62-fv59-vf9h
was published
for
silverstripe/framework
(Composer)
May 27, 2024
Unencrypted traffic between nodes when using WireGuard and L7 policies
Moderate
CVE-2024-28250
was published
for
github.com/cilium/cilium
(Go)
Mar 18, 2024
Unencrypted traffic between nodes when using IPsec and L7 policies
Moderate
CVE-2024-28249
was published
for
github.com/cilium/cilium
(Go)
Mar 18, 2024
Unencrypted traffic between pods when using Wireguard and an external kvstore
Moderate
CVE-2024-25631
was published
for
github.com/cilium/cilium
(Go)
Feb 20, 2024
Unencrypted ingress/health traffic when using Wireguard transparent encryption
Moderate
CVE-2024-25630
was published
for
github.com/cilium/cilium
(Go)
Feb 20, 2024
1Panel set-cookie is missing the Secure keyword
Moderate
CVE-2024-24768
was published
for
github.com/1Panel-dev/1Panel
(Go)
Feb 5, 2024
Croc requires senders to provide local IP addresses in cleartext
Moderate
CVE-2023-43618
was published
for
github.com/schollz/croc/v9
(Go)
Sep 20, 2023
Jenkins Active Directory Plugin vulnerable to Active Directory credential disclosure
Moderate
CVE-2023-37943
was published
for
org.jenkins-ci.plugins:active-directory
(Maven)
Jul 12, 2023
Jenkins Ansible Plugin stores and displays secrets in plain text
Moderate
CVE-2023-32982
was published
for
org.jenkins-ci.plugins:ansible
(Maven)
May 16, 2023
Docker Swarm encrypted overlay network traffic may be unencrypted
Moderate
CVE-2023-28841
was published
for
github.com/docker/docker
(Go)
Apr 4, 2023
usememos/memos missing Secure cookie attribute
Moderate
CVE-2022-4683
was published
for
github.com/usememos/memos
(Go)
Dec 23, 2022
rdiffweb has insecure HTTP cookies
Moderate
CVE-2022-3250
was published
for
rdiffweb
(pip)
Sep 22, 2022
Insecure cookies in Openshift Origin
Moderate
CVE-2015-3207
was published
for
github.com/openshift/origin
(Go)
Jul 8, 2022
Passwords stored in plain text by Jenkins ReadyAPI Functional Testing Plugin
Moderate
CVE-2020-2250
was published
for
org.jenkins-ci.plugins:soapui-pro-functional-testing
(Maven)
May 24, 2022
OpenStack Keystone does not check signature TTL of the EC2 credential auth method
Moderate
CVE-2020-12692
was published
for
keystone
(pip)
May 24, 2022
Cleartext Transmission of Sensitive Information in Jenkins Configuration as Code Plugin
Moderate
CVE-2019-10363
was published
for
io.jenkins:configuration-as-code
(Maven)
May 24, 2022
Jenkins WebSphere Deployer Plugin stores credentials in plain text
Moderate
CVE-2019-1003056
was published
for
org.jenkins-ci.plugins:websphere-deployer
(Maven)
May 13, 2022
Jenkins VMware vRealize Automation Plugin Missing Encryption of Sensitive Data
Moderate
CVE-2019-1003068
was published
for
com.inkysea.vmware.vra:vmware-vrealize-automation-plugin
(Maven)
May 13, 2022
Jenkins Trac Publisher Plugin stores credentials in plain text
Moderate
CVE-2019-1003067
was published
for
org.jenkins-ci.plugins:trac-publisher-plugin
(Maven)
May 13, 2022
Jenkins Jira Issue Updater Plugin stores credentials in plain text
Moderate
CVE-2019-1003054
was published
for
info.bluefloyd.jenkins:jenkins-jira-issue-updater
(Maven)
May 13, 2022
Jenkins CloudFormation Plugin stores credentials in plain text
Moderate
CVE-2019-1003061
was published
for
org.jenkins-ci.plugins:jenkins-cloudformation-plugin
(Maven)
May 13, 2022
Jenkins Upload to pgyer Plugin stores credentials in plain text
Moderate
CVE-2019-1003089
was published
for
ren.helloworld:upload-pgyer
(Maven)
May 13, 2022
Jenkins Open STF Plugin stores credentials in plain text
Moderate
CVE-2019-1003094
was published
for
org.jenkins-ci.plugins:open-stf
(Maven)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API