GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
193 advisories
Jenkins Curseforge Publisher Plugin does not mask API Keys displayed on the job configuration form
Moderate. CVE-2025-64147 was published for org.jenkins-ci.plugins:curseforge-publisher (Maven), Oct 29, 2025

Jenkins Curseforge Publisher Plugin stores API Keys unencrypted in job config.xml files
Moderate. CVE-2025-64146 was published for org.jenkins-ci.plugins:curseforge-publisher (Maven), Oct 29, 2025

Jenkins OpenShift Pipeline Plugin stores authorization tokens unencrypted in job config.xml files
Moderate. CVE-2025-64143 was published for com.openshift.jenkins:openshift-pipeline (Maven), Oct 29, 2025

Jenkins ByteGuard Build Actions Plugin stores API tokens unencrypted in job config.xml files
Moderate. CVE-2025-64144 was published for io.jenkins.plugins:byteguard-build-actions (Maven), Oct 29, 2025

Jenkins ByteGuard Build Actions Plugin does not mask API tokens displayed on the job configuration form
Moderate. CVE-2025-64145 was published for io.jenkins.plugins:byteguard-build-actions (Maven), Oct 29, 2025

DragonFly's tiny file download uses hard coded HTTP protocol
Moderate. CVE-2025-59410 was published for d7y.io/dragonfly/v2 (Go), Sep 17, 2025

Missing Encryption of Sensitive Data (CWE-311) in the Object Archive component in AxxonSoft Axxon...
Moderate, Unreviewed. CVE-2025-10227 was published Sep 10, 2025

HCL BigFix SM is affected by cryptographic weakness due to weak or outdated encryption algorithms...
Moderate, Unreviewed. CVE-2025-31977 was published Aug 28, 2025

A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >=...
Moderate, Unreviewed. CVE-2024-41982 was published Aug 12, 2025

A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS...
Moderate, Unreviewed. CVE-2025-43274 was published Jul 30, 2025

Lack of sensitive data encryption in CapillaryScope v2.5.0 of Capillary io, which stores both the...
Moderate, Unreviewed. CVE-2025-40680 was published Jul 25, 2025

IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 transmits sensitive information...
Moderate, Unreviewed. CVE-2025-33020 was published Jul 23, 2025

IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could be vulnerable to information...
Moderate, Unreviewed. CVE-2025-36062 was published Jul 21, 2025

Jenkins Xooa Plugin vulnerability exposes unencrypted tokens to authenticated users
Moderate. CVE-2025-53676 was published for io.jenkins.plugins:xooa (Maven), Jul 9, 2025

Jenkins QMetry Test Management Plugin stores unencrypted API keys
Moderate. CVE-2025-53659 was published for org.jenkins-ci.plugins:qmetry-test-management (Maven), Jul 9, 2025

Jenkins IBM Cloud DevOps Plugin vulnerability exposes SonarQube authentication tokens
Moderate. CVE-2025-53663 was published for com.ibm.devops:ibm-cloud-devops (Maven), Jul 9, 2025

Jenkins Dead Man's Snitch Plugin vulnerability stores tokens in plain text
Moderate. CVE-2025-53666 was published for org.jenkins-ci.plugins:deadmanssnitch (Maven), Jul 9, 2025

Jenkins VAddy Plugin vulnerability exposes unencrypted keys to certain authenticated users
Moderate. CVE-2025-53668 was published for org.jenkins-ci.plugins:vaddy-plugin (Maven), Jul 9, 2025

Jenkins Sensedia API Platform Plugin vulnerability exposes unencrypted tokens in its global configuration file
Moderate. CVE-2025-53673 was published for org.jenkins-ci.plugins:sensedia-api-platform (Maven), Jul 9, 2025

Jenkins Aqua Security Scanner Plugin vulnerability exposes scanner tokens
Moderate. CVE-2025-53653 was published for org.jenkins-ci.plugins:aqua-security-scanner (Maven), Jul 9, 2025

Milestone Systems has discovered a security vulnerability in Milestone XProtect installer that...
Moderate, Unreviewed. CVE-2025-1688 was published Apr 15, 2025

Jenkins AsakusaSatellite Plugin Does not Mask API Keys via Job Configuration Form
Moderate. CVE-2025-31728 was published for org.codefirst.jenkins.asakusasatellite:asakusa-satellite-plugin (Maven), Apr 2, 2025

IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2...
Moderate, Unreviewed. CVE-2023-37405 was published Mar 27, 2025

IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI could allow a remote...
Moderate, Unreviewed. CVE-2024-38325 was published Jan 27, 2025

IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive...
Moderate, Unreviewed. CVE-2024-41757 was published Jan 24, 2025