Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

130 advisories

Loading
NeuVector process with sensitive arguments lead to leakage Moderate
CVE-2025-54467 was published for github.com/neuvector/neuvector (Go) Aug 28, 2025
Opencast still publishes global system account credentials Moderate
CVE-2025-54380 was published for org.opencastproject:opencast-common (Maven) Jul 25, 2025
lkiesow
Jenkins Mattermost Notification Plugin contains unencrypted storage of secret token Moderate
CVE-2019-10459 was published for org.jenkins-ci.plugins:mattermost (Maven) May 24, 2022
Jenkins Credentials Binding Plugin vulnerability can expose sensitive information in logger messages Moderate
CVE-2025-53650 was published for org.jenkins-ci.plugins:credentials-binding (Maven) Jul 9, 2025
Liferay Portal and Liferay DXP Includes LDAP Credentials in the Page URL Moderate
CVE-2022-42132 was published for com.liferay.portal:release.dxp.bom (Maven) Nov 15, 2022
Jenkins Apica Loadtest Plugin vulnerability exposes authentication tokens Moderate
CVE-2025-53664 was published for com.apica:ApicaLoadtest (Maven) Jul 9, 2025
Jenkins Apica Loadtest Plugin vulnerability exposes authentication tokens Moderate
CVE-2025-53665 was published for com.apica:ApicaLoadtest (Maven) Jul 9, 2025
Jenkins IBM Cloud DevOps Plugin vulnerability exposes SonarQube authentication tokens Moderate
CVE-2025-53663 was published for com.ibm.devops:ibm-cloud-devops (Maven) Jul 9, 2025
Jenkins IFTTT Build Notifier Plugin vulnerability exposes IFTTT Maker Channel Keys Moderate
CVE-2025-53662 was published for org.jenkins-ci.plugins:ifttt-build-notifier (Maven) Jul 9, 2025
Jenkins QMetry Test Management Plugin vulnerability exposes API keys Moderate
CVE-2025-53660 was published for org.jenkins-ci.plugins:qmetry-test-management (Maven) Jul 9, 2025
Jenkins ReadyAPI Functional Testing Plugin vulnerability stores unencrypted authentication credentials Moderate
CVE-2025-53656 was published for org.jenkins-ci.plugins:soapui-pro-functional-testing (Maven) Jul 9, 2025
Jenkins Aqua Security Scanner Plugin vulnerability exposes scanner tokens Moderate
CVE-2025-53653 was published for org.jenkins-ci.plugins:aqua-security-scanner (Maven) Jul 9, 2025
Jenkins Applitools Eyes Plugin vulnerability does not mask API keys on its job configuration form Moderate
CVE-2025-53743 was published for org.jenkins-ci.plugins:applitools-eyes (Maven) Jul 9, 2025
Jenkins Dead Man's Snitch Plugin vulnerability stores tokens in plain text Moderate
CVE-2025-53666 was published for org.jenkins-ci.plugins:deadmanssnitch (Maven) Jul 9, 2025
Jenkins Dead Man's Snitch Plugin vulnerability does not mask tokens Moderate
CVE-2025-53667 was published for org.jenkins-ci.plugins:deadmanssnitch (Maven) Jul 9, 2025
Jenkins ReadyAPI Functional Testing Plugin vulnerability exposes secrets Moderate
CVE-2025-53657 was published for org.jenkins-ci.plugins:soapui-pro-functional-testing (Maven) Jul 9, 2025
Jenkins Statistics Gatherer Plugin vulnerability exposes AWS Secret Key Moderate
CVE-2025-53654 was published for org.jenkins.plugins.statistics.gatherer:statistics-gatherer (Maven) Jul 9, 2025
Requests vulnerable to .netrc credentials leak via malicious URLs Moderate
CVE-2024-47081 was published for requests (pip) Jun 9, 2025
sethmlarson jupenur
nateprewitt sigmavirus24
Liferay Portal and Liferay DXP May Reveal S3 Store's Proxy Password Moderate
CVE-2021-29043 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Minio Operator uses Kubernetes apiserver audience for AssumeRoleWithWebIdentity STS Moderate
CVE-2025-32963 was published for github.com/minio/operator (Go) Apr 21, 2025
bburky pjuarezd
Jenkins allows Administrators to Access API Tokens Moderate
CVE-2015-5323 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Jenkins Credentials Binding Plugin Stores Passwords in a Recoverable Format Moderate
CVE-2019-1010241 was published for org.jenkins-ci.plugins:credentials-binding (Maven) May 24, 2022
Leantime has Insufficiently Protected Credentials Moderate
GHSA-h6w8-27ph-c385 was published for leantime/leantime (Composer) Feb 21, 2025
ANIKETishereok s0calledhacker
Eclipse Dataspace Components vulnerable to OAuth2 client secret disclosure Moderate
CVE-2024-4536 was published for org.eclipse.edc:connector-core (Maven) May 7, 2024
Jenkins Azure VM Agents Plugin missing permission checks Moderate
CVE-2023-32988 was published for org.jenkins-ci.plugins:azure-vm-agents (Maven) May 16, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database