Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

387 advisories

Loading
User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila,... High Unreviewed
CVE-2020-27781 was published May 24, 2022
Weave GitOps Terraform Controller Information Disclosure Vulnerability High
CVE-2023-34236 was published for github.com/weaveworks/tf-controller (Go) Jul 14, 2023
greenu
Certain NetModule devices have Insecure Password Handling (cleartext or reversible encryption),... High Unreviewed
CVE-2021-39289 was published May 24, 2022
Incorrect access control in writercms v1.1.0 allows attackers to directly obtain backend account... High Unreviewed
CVE-2023-43905 was published Oct 26, 2023
A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text... High Unreviewed
CVE-2023-6254 was published Nov 27, 2023
Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile... High Unreviewed
CVE-2020-8968 was published Dec 18, 2021
RVTools, Version 3.9.2 and above, contain a sensitive data exposure vulnerability in the... High Unreviewed
CVE-2023-44303 was published Nov 24, 2023
Jenkins jira-ext Plugin stores credentials unencrypted High
CVE-2019-10302 was published for org.jenkins-ci.plugins:jira-ext (Maven) May 24, 2022
Data leak of password hash through change requests High
CVE-2023-49280 was published for org.xwiki.contrib.changerequest:application-changerequest-default (Maven) Dec 5, 2023
michitux
Exposure of Proxy Administrator Credentials An authenticated administrator equivalent Filr user... High Unreviewed
CVE-2023-32268 was published Dec 6, 2023
Stored credentials unencrypted in Jenkins Mashup Portlets Plugin High
CVE-2019-10347 was published for javagh.jenkins:mashup-portlets-plugin (Maven) May 24, 2022
Opencast publishes global system account credentials High
CVE-2018-16153 was published for org.opencastproject:opencast-common (Maven) Dec 14, 2021
gregorydlogan lkiesow
smarquard
Plaintext password storage in Jenkins InfluxDB Plugin High
CVE-2019-10329 was published for org.jenkins-ci.plugins:influxdb (Maven) May 24, 2022
westonsteimel
Jenkins Bitbucket OAuth Plugin contains Insufficiently Protected Credentials High
CVE-2019-10460 was published for org.jenkins-ci.plugins:bitbucket-oauth (Maven) May 24, 2022
Tauri's Updater Private Keys Possibly Leaked via Vite Environment Variables High
CVE-2023-46115 was published for @tauri-apps/cli (npm) Oct 20, 2023
The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords,... High Unreviewed
CVE-2023-6421 was published Jan 1, 2024
Jenkins Crowd 2 Integration Plugin stored credentials in plain text High
CVE-2018-1000423 was published for org.jenkins-ci.plugins:crowd2 (Maven) May 13, 2022
Jenkins Assembla Auth Plugin stores credentials in plain text High
CVE-2019-10280 was published for org.jenkins-ci.plugins:assembla-auth (Maven) May 13, 2022
Jenkins StarTeam Plugin stores credentials in plain text High
CVE-2019-10277 was published for hudson.plugins:starteam (Maven) May 13, 2022
Jenkins Kmap Plugin stores credentials in plain text High
CVE-2019-10294 was published for org.jenkins-ci.plugins:kmap-jenkins (Maven) May 13, 2022
Jenkins SonarQube Scanner Plugin stored server authentication token in plain text High
CVE-2018-1000425 was published for org.jenkins-ci.plugins:sonar (Maven) May 13, 2022
Jenkins Artifactory Plugin stored old directly entered credentials unencrypted on disk High
CVE-2018-1000424 was published for org.jenkins-ci.plugins:artifactory (Maven) May 13, 2022
Apache Kylin has Insufficiently Protected Credentials High
CVE-2023-29055 was published for org.apache.kylin:kylin-core-common (Maven) Jan 29, 2024
Networker 19.9 and all prior versions contains a Plain-text Password stored in temporary config... High Unreviewed
CVE-2024-22432 was published Jan 25, 2024
CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized... High Unreviewed
CVE-2023-27975 was published Feb 14, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database