Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,828
Erlang
36
GitHub Actions
33
Go
2,446
Maven
5,000+
npm
4,063
NuGet
723
pip
3,866
Pub
12
RubyGems
943
Rust
1,008
Swift
39
Unreviewed advisories
All unreviewed
5,000+

61 advisories

Loading
Sensitive data written to disk unencrypted in Spark High
CVE-2019-10099 was published for org.apache.spark:spark-core_2.11 (Maven) Aug 8, 2019
Unencrypted storage of client side sessions Moderate
CVE-2021-29481 was published for io.ratpack:ratpack-session (Maven) Jul 1, 2021
JLLeitschuh
Jenkins Support Core Plugin stores sensitive data in plain text Moderate
CVE-2022-25187 was published for org.jenkins-ci.plugins:support-core (Maven) Feb 16, 2022
westonsteimel
Jenkins SonarQube Plugin Stores Passwords in Cleartext Moderate
CVE-2013-5676 was published for org.jenkins-ci.plugins:sonar (Maven) May 17, 2022
Jenkins Gogs Plugin stored credentials in plain text Moderate
CVE-2019-10348 was published for org.jenkins-ci.plugins:gogs-webhook (Maven) May 24, 2022
Jenkins Port Allocator Plugin stores credentials in plain text Moderate
CVE-2019-10350 was published for org.jenkins-ci.plugins:port-allocator (Maven) May 24, 2022
Jenkins Caliper CI Plugin stores credentials in plain text Moderate
CVE-2019-10351 was published for com.brianfromoregon:caliper-ci (Maven) May 24, 2022
DingTalk Plugin stores credentials in plain text Low
CVE-2019-10433 was published for io.jenkins.plugins:dingding-notifications (Maven) May 24, 2022
Jenkins NeoLoad Plugin stores credentials in cleartext High
CVE-2019-10440 was published for org.jenkins-ci.plugins:neoload-jenkins-plugin (Maven) May 24, 2022
Jenkins iceScrum Plugin stores credentials in Cleartext High
CVE-2019-10443 was published for org.jenkins-ci.plugins:icescrum (Maven) May 24, 2022
Cleartext Storage of Sensitive Information in Jenkins Extensive Testing Plugin High
CVE-2019-10448 was published for jenkins.xtc:extensivetesting (Maven) May 24, 2022
Jenkins Sofy.AI Plugin stores API token in plain text Moderate
CVE-2019-10447 was published for io.jenkins.plugins:sofy-ai (Maven) May 24, 2022
Cleartext Storage of Sensitive Information in Jenkins ElasticBox CI Plugin Low
CVE-2019-10450 was published for com.elasticbox.jenkins-ci.plugins:elasticbox (Maven) May 24, 2022
Jenkins Delphix Plugin vulnerable to Cleartext credential storage High
CVE-2019-10453 was published for org.jenkins-ci.plugins:delphix (Maven) May 24, 2022
Jenkins View26 Test-Reporting Plugin stores access token in plain text Moderate
CVE-2019-10452 was published for org.jenkins-ci.plugins:view26 (Maven) May 24, 2022
Jenkins SOASTA CloudTest Plugin stores API token in plain text Moderate
CVE-2019-10451 was published for com.soasta.jenkins:cloudtest (Maven) May 24, 2022
Jenkins Fortify on Demand Plugin stores credentials in plain text Moderate
CVE-2019-10449 was published for org.jenkins-ci.plugins:fortify-on-demand-uploader (Maven) May 24, 2022
Jenkins Zephyr for JIRA Test Management Plugin stores credentials in plain text Low
CVE-2020-2154 was published for org.jenkins-ci.plugins:zephyr-for-jira-test-management (Maven) May 24, 2022
NotMyFault
Passwords stored in plain text by Jenkins Artifactory Plugin Low
CVE-2020-2164 was published for org.jenkins-ci.plugins:artifactory (Maven) May 24, 2022
NotMyFault
Credentials stored in plain text by Jenkins Copr Plugin Moderate
CVE-2020-2177 was published for org.fedoraproject.jenkins.plugins:copr (Maven) May 24, 2022
NotMyFault
nsufficiently Protected Credentials in ActiveMQ Artemis Moderate
CVE-2020-10727 was published for org.apache.activemq:artemis-commons (Maven) May 24, 2022
Passwords stored in plain text by ElasTest Plugin Moderate
CVE-2020-2274 was published for org.jenkins-ci.plugins:elastest (Maven) May 24, 2022
NotMyFault
Liferay Portal and Liferay DXP Stores User Passwords in Cleartext Moderate
CVE-2021-33325 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Liferay Portal and Liferay DXP autosaves form data for other users to see High
CVE-2021-33323 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Jenkins NeuVector Vulnerability Scanner Plugin stored credentials in plain text Moderate
CVE-2019-10430 was published for io.jenkins.plugins:neuvector-vulnerability-scanner (Maven) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database