Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,324
Erlang
31
GitHub Actions
21
Go
2,087
Maven
5,000+
npm
3,751
NuGet
674
pip
3,437
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+

22 advisories

Loading
[PUNCIA] [CWE-319] Cleartext Transmission of Sensitive Information via HTTP urls in `API_URLS` Low
CVE-2024-41124 was published for puncia (pip) Jul 19, 2024
SCH227 g147
1Panel set-cookie is missing the Secure keyword Low
CVE-2024-24768 was published for github.com/1Panel-dev/1Panel (Go) Feb 5, 2024
anonymous-nlp-student
Secret stored in plain text by Jenkins Parameterized Remote Trigger Plugin Low
CVE-2020-2239 was published for org.jenkins-ci.plugins:Parameterized-Remote-Trigger (Maven) May 24, 2022
NotMyFault
Credentials stored in plain text by Jenkins tfs Plugin Low
CVE-2020-2249 was published for org.jenkins-ci.plugins:tfs (Maven) May 24, 2022
NotMyFault
Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials in plain text Low
CVE-2019-1003052 was published for org.jenkins-ci.plugins:aws-beanstalk-publisher-plugin (Maven) May 13, 2022
Jenkins IRC Plugin stores credentials in plain text Low
CVE-2019-1003051 was published for org.jvnet.hudson.plugins:ircbot (Maven) May 13, 2022
Jenkins Bitbucket Approve Plugin stores credentials in plain text Low
CVE-2019-1003057 was published for org.jenkins-ci.plugins:bitbucket-approve (Maven) May 13, 2022
Jenkins OWASP ZAP Plugin stores unencrypted credentials Low
CVE-2019-1003060 was published for org.jenkins-ci.plugins:zap (Maven) May 13, 2022
Jenkins Amazon SNS Build Notifier Plugin stores credentials in plain text Low
CVE-2019-1003063 was published for org.jenkins-ci.plugins:snsnotify (Maven) May 13, 2022
Jenkins Aqua Security Scanner Plugin stores credentials in plain text Low
CVE-2019-1003069 was published for org.jenkins-ci.plugins:aqua-security-scanner (Maven) May 13, 2022
Jenkins aws-device-farm Plugin stores credentials in plain text Low
CVE-2019-1003064 was published for org.jenkins-ci.plugins:aws-device-farm (Maven) May 13, 2022
Jenkins FTP publisher Plugin stores credentials in plain text Low
CVE-2019-1003055 was published for org.jvnet.hudson.plugins:ftppublisher (Maven) May 13, 2022
Jenkins veracode-scanner Plugin stores credentials in plain text Low
CVE-2019-1003070 was published for org.jenkins-ci.plugins:veracode-scanner (Maven) May 13, 2022
Jenkins AWS CloudWatch Logs Publisher Plugin stores credentials in plain text Low
CVE-2019-1003062 was published for org.jenkins-ci.plugins:aws-cloudwatch-logs-publisher (Maven) May 13, 2022
Jenkins CloudShare Docker-Machine Plugin stores credentials in plain text Low
CVE-2019-1003065 was published for org.jenkins-ci.plugins:cloudshare-docker (Maven) May 13, 2022
Jenkins Bugzilla Plugin stores credentials in plain text Low
CVE-2019-1003066 was published for org.jvnet.hudson.plugins:bugzilla (Maven) May 13, 2022
Jenkins hyper.sh Commons Plugin stores credentials in plain text Low
CVE-2019-1003074 was published for sh.hyper.plugins:hyper-commons (Maven) May 13, 2022
Jenkins Octopus Deploy Plugin stores credentials in plain text Low
CVE-2019-1003071 was published for hudson.plugins.octopusdeploy:octopusdeploy (Maven) May 13, 2022
Jenkins Audit to Database Plugin stores credentials in plain text Low
CVE-2019-1003075 was published for org.jenkins-ci.plugins:audit2db (Maven) May 13, 2022
Jenkins PRQA Plugin stored password in plain text Low
CVE-2019-1003048 was published for com.programmingresearch:prqa-plugin (Maven) May 13, 2022
Client Secret stored in plain text by Jenkins GitLab Authentication Plugin Low
CVE-2022-27206 was published for org.jenkins-ci.plugins:gitlab-oauth (Maven) Mar 16, 2022
NotMyFault
Resources Downloaded over Insecure Protocol in igniteui Low
CVE-2016-10552 was published for igniteui (npm) Feb 18, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database