Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

45 advisories

Loading
Jenkins Applitools Eyes Plugin vulnerability exposes unencrypted keys to certain authenticated users Moderate
CVE-2025-53742 was published for org.jenkins-ci.plugins:applitools-eyes (Maven) Jul 9, 2025
sevvalboylu
Jenkins Nouvola DiveCloud Plugin vulnerability stores unencrypted credentials Moderate
CVE-2025-53670 was published for org.jenkins-ci.plugins:nouvola-divecloud (Maven) Jul 9, 2025
Jenkins Kryptowire Plugin vulnerability stores unencrypted Kryptowire API key Moderate
CVE-2025-53672 was published for io.jenkins.plugins:kryptowire (Maven) Jul 9, 2025
junit-platform-reporting can leak Git credentials through its OpenTestReportGeneratingListener Moderate
CVE-2025-53103 was published for org.junit.platform:junit-platform-reporting (Maven) Jul 1, 2025
ciscoo marcphilipp
Tokens stored in plain text by PaaSLane Estimate Plugin Moderate
CVE-2023-50777 was published for com.cloudtp.jenkins:paaslane-estimate (Maven) Dec 13, 2023
Liferay Portal and Liferay DXP Stores User Passwords in Cleartext Moderate
CVE-2021-33325 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Jenkins AsakusaSatellite Plugin Stores API Keys Unencrypted in Job `config.xml` Files Moderate
CVE-2025-31727 was published for org.codefirst.jenkins.asakusasatellite:asakusa-satellite-plugin (Maven) Apr 2, 2025
Jenkins Stack Hammer Plugin Stores API Keys Unencrypted in Job `config.xml` Files Moderate
CVE-2025-31726 was published for org.jenkins-ci.plugins:stackhammer (Maven) Apr 2, 2025
Jenkins Cadence vManager Plugin Stores Verisium Manager vAPI keys Unencrypted Moderate
CVE-2025-31724 was published for org.jenkins-ci.plugins:vmanager-plugin (Maven) Apr 2, 2025
Jenkins monitor-remote-job Plugin Stores Passwords Unencrypted Moderate
CVE-2025-31725 was published for org.ukiuni.monitor-remote-job-plugin:monitor-remote-job (Maven) Apr 2, 2025
Jenkins Zoom Plugin Stores Sensitive Information in Cleartext Moderate
CVE-2025-0142 was published for io.jenkins.plugins:zoom (Maven) Jan 30, 2025
Jenkins SonarQube Plugin Stores Passwords in Cleartext Moderate
CVE-2013-5676 was published for org.jenkins-ci.plugins:sonar (Maven) May 17, 2022
Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission Moderate
CVE-2025-27622 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 6, 2025
Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission Moderate
CVE-2025-27623 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 6, 2025
Jenkins Ansible Plugin stores and displays secrets in plain text Moderate
CVE-2023-32982 was published for org.jenkins-ci.plugins:ansible (Maven) May 16, 2023
Infinispan caches credentials in clear text Moderate
CVE-2023-5384 was published for org.infinispan:infinispan-cachestore-jdbc (Maven) Dec 28, 2023
Password stored in a recoverable format by Jenkins OpenId Connect Authentication Plugin Moderate
CVE-2023-50770 was published for org.jenkins-ci.plugins:oic-auth (Maven) Dec 13, 2023
westonsteimel
Jenkins NeuVector Vulnerability Scanner Plugin stored credentials in plain text Moderate
CVE-2019-10430 was published for io.jenkins.plugins:neuvector-vulnerability-scanner (Maven) May 24, 2022
Jenkins Ansible Plugin job configuration form does not mask variables Moderate
CVE-2023-32983 was published for org.jenkins-ci.plugins:ansible (Maven) May 16, 2023
Jenkins Support Core Plugin stores sensitive data in plain text Moderate
CVE-2022-25187 was published for org.jenkins-ci.plugins:support-core (Maven) Feb 16, 2022
westonsteimel
Jenkins Fortify on Demand Plugin stores credentials in plain text Moderate
CVE-2019-10449 was published for org.jenkins-ci.plugins:fortify-on-demand-uploader (Maven) May 24, 2022
Tokens stored in plain text by PaaSLane Estimate Plugin Moderate
CVE-2023-50776 was published for com.cloudtp.jenkins:paaslane-estimate (Maven) Dec 13, 2023
Displayed in plain text by Dingding JSON Pusher Plugin Moderate
CVE-2023-50773 was published for com.zintow:dingding-json-pusher (Maven) Dec 13, 2023
Tokens stored in plain text by Dingding JSON Pusher Plugin Moderate
CVE-2023-50772 was published for com.zintow:dingding-json-pusher (Maven) Dec 13, 2023
Credentials stored in plain text by Jenkins Copr Plugin Moderate
CVE-2020-2177 was published for org.fedoraproject.jenkins.plugins:copr (Maven) May 24, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database