Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

103 advisories

Loading
Magento 2 Community Edition Weak Cryptography Moderate
CVE-2019-8118 was published for magento/community-edition (Composer) May 24, 2022
Jenkins View26 Test-Reporting Plugin stores access token in plain text Moderate
CVE-2019-10452 was published for org.jenkins-ci.plugins:view26 (Maven) May 24, 2022
Jenkins SOASTA CloudTest Plugin stores API token in plain text Moderate
CVE-2019-10451 was published for com.soasta.jenkins:cloudtest (Maven) May 24, 2022
Cleartext Storage of Sensitive Information in Jenkins ElasticBox CI Plugin Low
CVE-2019-10450 was published for com.elasticbox.jenkins-ci.plugins:elasticbox (Maven) May 24, 2022
Jenkins Fortify on Demand Plugin stores credentials in plain text Moderate
CVE-2019-10449 was published for org.jenkins-ci.plugins:fortify-on-demand-uploader (Maven) May 24, 2022
Jenkins Delphix Plugin vulnerable to Cleartext credential storage High
CVE-2019-10453 was published for org.jenkins-ci.plugins:delphix (Maven) May 24, 2022
Cleartext Storage of Sensitive Information in Jenkins Extensive Testing Plugin High
CVE-2019-10448 was published for jenkins.xtc:extensivetesting (Maven) May 24, 2022
Jenkins Sofy.AI Plugin stores API token in plain text Moderate
CVE-2019-10447 was published for io.jenkins.plugins:sofy-ai (Maven) May 24, 2022
Jenkins iceScrum Plugin stores credentials in Cleartext High
CVE-2019-10443 was published for org.jenkins-ci.plugins:icescrum (Maven) May 24, 2022
Jenkins NeoLoad Plugin stores credentials in cleartext High
CVE-2019-10440 was published for org.jenkins-ci.plugins:neoload-jenkins-plugin (Maven) May 24, 2022
Centreon Sensitive Data Exposure Moderate
CVE-2019-17106 was published for centreon/centreon (Composer) May 24, 2022
DingTalk Plugin stores credentials in plain text Low
CVE-2019-10433 was published for io.jenkins.plugins:dingding-notifications (Maven) May 24, 2022
Jenkins Caliper CI Plugin stores credentials in plain text Moderate
CVE-2019-10351 was published for com.brianfromoregon:caliper-ci (Maven) May 24, 2022
Jenkins Port Allocator Plugin stores credentials in plain text Moderate
CVE-2019-10350 was published for org.jenkins-ci.plugins:port-allocator (Maven) May 24, 2022
Jenkins Gogs Plugin stored credentials in plain text Moderate
CVE-2019-10348 was published for org.jenkins-ci.plugins:gogs-webhook (Maven) May 24, 2022
Jenkins SonarQube Plugin Stores Passwords in Cleartext Moderate
CVE-2013-5676 was published for org.jenkins-ci.plugins:sonar (Maven) May 17, 2022
Plaintext Storage of Sensitive Information in Laravel Log Viewer before v0.13.0 High
CVE-2018-8947 was published for rap2hpoutre/laravel-log-viewer (Composer) May 13, 2022
Jenkins Support Core Plugin stores sensitive data in plain text Moderate
CVE-2022-25187 was published for org.jenkins-ci.plugins:support-core (Maven) Feb 16, 2022
westonsteimel
Instance config inline secret exposure in Grafana Moderate
CVE-2021-41090 was published for github.com/grafana/agent (Go) Dec 8, 2021
Unencrypted storage of client side sessions Moderate
CVE-2021-29481 was published for io.ratpack:ratpack-session (Maven) Jul 1, 2021
JLLeitschuh
django-celery-results Stores Sensitive Information In Cleartext High
CVE-2020-17495 was published for django-celery-results (pip) Jun 4, 2021
G-Rath
Cleartext storage of session identifier Moderate
CVE-2021-21339 was published for typo3/cms (Composer) Mar 23, 2021
ohader
Parse Server stores password in plain text Low
CVE-2020-26288 was published for parse-server (npm) Dec 28, 2020
fastrde depsir
Apache Airflow logs passwords in plaintext Low
CVE-2020-17511 was published for apache-airflow (pip) Dec 17, 2020
Cleartext storage of session identifier High
CVE-2020-26228 was published for typo3/cms (Composer) Nov 23, 2020
liayn bmack
ohader
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database