Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

62 advisories

Loading
Mattermost has Insufficiently Protected Credentials Low
CVE-2025-6227 was published for github.com/mattermost/mattermost-server (Go) Jul 18, 2025
Jenkins Testsigma Test Plan vulnerability exposes API keys via job configuration form Low
CVE-2025-53661 was published for io.jenkins.plugins:testsigma (Maven) Jul 9, 2025
Jenkins Zoho QEngine Plugin Displays Unmasked API Keys Low
CVE-2025-30197 was published for io.jenkins.plugins:zohoqengine (Maven) Mar 19, 2025
python-keystoneclient vulnerable to context confusion in Keystone auth_token middleware Low
CVE-2014-0105 was published for python-keystoneclient (pip) May 17, 2022
Cloudtoken Insufficiently Protects Credentials Low
CVE-2018-13390 was published for cloudtoken (pip) May 13, 2022
Jenkins Weibo Plugin stores credentials unencrypted in its global configuration file Low
CVE-2019-16572 was published for org.jenkins-ci.plugins:weibo (Maven) May 24, 2022
Jenkins Telegram Bot Plugin stores the Telegram Bot token in plaintext Low
CVE-2024-34147 was published for org.jenkins-ci.plugins:telegrambot (Maven) May 2, 2024
Password hash exposed in CraftCMS two factor authentication plugin Low
CVE-2024-5657 was published for born05/craft-twofactorauthentication (Composer) Jun 6, 2024
Jenkins S3 Publisher Plugin transmits credentials in plain text during configuration Low
CVE-2020-2114 was published for org.jenkins-ci.plugins:s3 (Maven) May 24, 2022
NotMyFault
Jenkins Beaker Builder Plugin has Insufficiently Protected Credentials Low
CVE-2019-10398 was published for org.jenkins-ci.plugins:beaker-builder (Maven) May 24, 2022
Token stored in plain text by DigitalOcean Plugin Low
CVE-2020-2126 was published for com.dubture.jenkins:digitalocean-plugin (Maven) May 24, 2022
NotMyFault
Jenkins Coverity Plugin has Insufficiently Protected Credentials Low
CVE-2018-1000104 was published for org.jenkins-ci.plugins:coverity (Maven) May 13, 2022
Jenkins Maven Release Plug-in Plugin stored credentials in plain text Low
CVE-2019-10361 was published for org.jenkins-ci.plugins.m2release:m2release (Maven) May 24, 2022
Improper masking of some secrets in Jenkins Credentials Binding Plugin Low
CVE-2020-2182 was published for org.jenkins-ci.plugins:credentials-binding (Maven) May 24, 2022
NotMyFault
Jenkins Azure AD Plugin stored the client secret unencrypted Low
CVE-2019-10318 was published for org.jenkins-ci.plugins:azure-ad (Maven) May 24, 2022
Passwords stored in plain text by Jenkins hpe-network-virtualization plugin Low
CVE-2022-34816 was published for org.jenkins-ci.plugins:hpe-network-virtualization (Maven) Jul 1, 2022
NotMyFault
Password stored in plain text by Jenkins RQM Plugin Low
CVE-2022-34809 was published for net.praqma:rqm-plugin (Maven) Jul 1, 2022
NotMyFault
Plaintext Storage of a Password in Jenkins Jigomerge Plugin Low
CVE-2022-34806 was published for org.jenkins-ci.plugins:jigomerge (Maven) Jul 1, 2022
NotMyFault
Plaintext Storage of a Password in Jenkins Skype notifier Plugin Low
CVE-2022-34805 was published for org.jenkins-ci.plugins:skype-notifier (Maven) Jul 1, 2022
NotMyFault
Plaintext Storage of a Password in Jenkins RocketChat Notifier Plugin Low
CVE-2022-34802 was published for org.jenkins-ci.plugins:rocketchatnotifier (Maven) Jul 1, 2022
NotMyFault
Plaintext Storage of a Password in Jenkins Deployment Dashboard Plugin Low
CVE-2022-34799 was published for org.jenkins-ci.plugins:ec2-deployment-dashboard (Maven) Jul 1, 2022
NotMyFault
Plaintext Storage of a Password in Jenkins Build Notifications Plugin Low
CVE-2022-34800 was published for tools.devnull:build-notifications (Maven) Jul 1, 2022
NotMyFault
Password stored in plain text by Jenkins Publish Over SSH Plugin Low
CVE-2022-23114 was published for org.jenkins-ci.plugins:publish-over-ssh (Maven) Jan 13, 2022
NotMyFault MarkLee131
Jenkins NS-ND Integration Performance Publisher Plugin displays credentials without masking Low
CVE-2023-33000 was published for io.jenkins.plugins:cavisson-ns-nd-integration (Maven) May 16, 2023
PostgresNIO processes unencrypted bytes from man-in-the-middle Low
CVE-2023-31136 was published for github.com/vapor/postgres-nio (Swift) May 10, 2023
fabianfett gwynne
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database