Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,656
Maven
5,000+
npm
4,284
NuGet
760
pip
4,069
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

497 advisories

Loading
Jenkins Curseforge Publisher Plugin does not mask API Keys displayed on the job configuration form Moderate
CVE-2025-64147 was published for org.jenkins-ci.plugins:curseforge-publisher (Maven) Oct 29, 2025
Jenkins Curseforge Publisher Plugin stores API Keys unencrypted in job config.xml files Moderate
CVE-2025-64146 was published for org.jenkins-ci.plugins:curseforge-publisher (Maven) Oct 29, 2025
Jenkins OpenShift Pipeline Plugin stores authorization tokens unencrypted in job config.xml files Moderate
CVE-2025-64143 was published for com.openshift.jenkins:openshift-pipeline (Maven) Oct 29, 2025
Jenkins ByteGuard Build Actions Plugin stores API tokens unencrypted in job config.xml files Moderate
CVE-2025-64144 was published for io.jenkins.plugins:byteguard-build-actions (Maven) Oct 29, 2025
Jenkins ByteGuard Build Actions Plugin does not mask API tokens displayed on the job configuration form Moderate
CVE-2025-64145 was published for io.jenkins.plugins:byteguard-build-actions (Maven) Oct 29, 2025
An insecure implementation of the proprietary protocol DNET in Product CGM MEDICO allows... High Unreviewed
CVE-2025-48981 was published Oct 8, 2025
DragonFly's tiny file download uses hard coded HTTP protocol Moderate
CVE-2025-59410 was published for d7y.io/dragonfly/v2 (Go) Sep 17, 2025
gaius-qi
Credited to gaius-qi
Missing Encryption of Sensitive Data (CWE-311) in the Object Archive component in AxxonSoft Axxon... Moderate Unreviewed
CVE-2025-10227 was published Sep 10, 2025
HCL BigFix SM is affected by cryptographic weakness due to weak or outdated encryption algorithms... Moderate Unreviewed
CVE-2025-31977 was published Aug 28, 2025
Ambiguous wording in the web interface of the ctrlX OS setup mechanism could lead the user to... High Unreviewed
CVE-2025-48862 was published Aug 14, 2025
A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >=... Moderate Unreviewed
CVE-2024-41982 was published Aug 12, 2025
A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >=... Low Unreviewed
CVE-2024-41980 was published Aug 12, 2025
pyjwt v2.10.1 was discovered to contain weak encryption. High Unreviewed
CVE-2025-45768 was published Jul 31, 2025
A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS... Moderate Unreviewed
CVE-2025-43274 was published Jul 30, 2025
Lack of sensitive data encryption in CapillaryScope v2.5.0 of Capillary io, which stores both the... Moderate Unreviewed
CVE-2025-40680 was published Jul 25, 2025
IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 transmits sensitive information... Moderate Unreviewed
CVE-2025-33020 was published Jul 23, 2025
IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could be vulnerable to information... Moderate Unreviewed
CVE-2025-36062 was published Jul 21, 2025
An issue was discovered in Kaseya Rapid Fire Tools Network Detective through 2.0.16.0. A... High Unreviewed
CVE-2025-32874 was published Jul 16, 2025
Jenkins Xooa Plugin vulnerability exposes unencrypted tokens to authenticated users Moderate
CVE-2025-53676 was published for io.jenkins.plugins:xooa (Maven) Jul 9, 2025
Jenkins User1st uTester Plugin vulnerability exposes unencrypted token to authenticated users Low
CVE-2025-53678 was published for io.jenkins.plugins:user1st-utester (Maven) Jul 9, 2025
Jenkins QMetry Test Management Plugin stores unencrypted API keys Moderate
CVE-2025-53659 was published for org.jenkins-ci.plugins:qmetry-test-management (Maven) Jul 9, 2025
Jenkins IBM Cloud DevOps Plugin vulnerability exposes SonarQube authentication tokens Moderate
CVE-2025-53663 was published for com.ibm.devops:ibm-cloud-devops (Maven) Jul 9, 2025
Jenkins Dead Man's Snitch Plugin vulnerability stores tokens in plain text Moderate
CVE-2025-53666 was published for org.jenkins-ci.plugins:deadmanssnitch (Maven) Jul 9, 2025
Jenkins VAddy Plugin vulnerability exposes unencrypted keys to certain authenticated users Moderate
CVE-2025-53668 was published for org.jenkins-ci.plugins:vaddy-plugin (Maven) Jul 9, 2025
Jenkins Sensedia API Platform Plugin vulnerability exposes unencrypted tokens in its global configuration file Moderate
CVE-2025-53673 was published for org.jenkins-ci.plugins:sensedia-api-platform (Maven) Jul 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database