GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,810
Erlang
36
GitHub Actions
31
Go
2,395
Maven
5,000+
npm
4,030
NuGet
721
pip
3,820
Pub
12
RubyGems
932
Rust
988
Swift
38
Unreviewed advisories
All unreviewed
5,000+
52 advisories
Filter by severity
Jenkins User1st uTester Plugin vulnerability exposes unencrypted token to authenticated users
Low
CVE-2025-53678
was published
for
io.jenkins.plugins:user1st-utester
(Maven)
Jul 9, 2025
Jenkins Xooa Plugin vulnerability exposes unencrypted tokens to authenticated users
Moderate
CVE-2025-53676
was published
for
io.jenkins.plugins:xooa
(Maven)
Jul 9, 2025
Jenkins Sensedia API Platform Plugin vulnerability exposes unencrypted tokens in its global configuration file
Moderate
CVE-2025-53673
was published
for
org.jenkins-ci.plugins:sensedia-api-platform
(Maven)
Jul 9, 2025
Jenkins Dead Man's Snitch Plugin vulnerability stores tokens in plain text
Moderate
CVE-2025-53666
was published
for
org.jenkins-ci.plugins:deadmanssnitch
(Maven)
Jul 9, 2025
Jenkins VAddy Plugin vulnerability exposes unencrypted keys to certain authenticated users
Moderate
CVE-2025-53668
was published
for
org.jenkins-ci.plugins:vaddy-plugin
(Maven)
Jul 9, 2025
Jenkins IBM Cloud DevOps Plugin vulnerability exposes SonarQube authentication tokens
Moderate
CVE-2025-53663
was published
for
com.ibm.devops:ibm-cloud-devops
(Maven)
Jul 9, 2025
Jenkins QMetry Test Management Plugin stores unencrypted API keys
Moderate
CVE-2025-53659
was published
for
org.jenkins-ci.plugins:qmetry-test-management
(Maven)
Jul 9, 2025
Jenkins Aqua Security Scanner Plugin vulnerability exposes scanner tokens
Moderate
CVE-2025-53653
was published
for
org.jenkins-ci.plugins:aqua-security-scanner
(Maven)
Jul 9, 2025
Jenkins AsakusaSatellite Plugin Does not Mask API Keys via Job Configuration Form
Moderate
CVE-2025-31728
was published
for
org.codefirst.jenkins.asakusasatellite:asakusa-satellite-plugin
(Maven)
Apr 2, 2025
OpenDaylight SFC Insecure Shiro Cookie Configuration
High
CVE-2025-29314
was published
for
org.opendaylight.sfc:odl-sfc-openflow-renderer
(Maven)
Mar 24, 2025
Snowflake JDBC Security Advisory
Moderate
CVE-2024-43382
was published
for
net.snowflake:snowflake-jdbc
(Maven)
Oct 30, 2024
Elasticsearch stores private key on disk unencrypted
Moderate
CVE-2024-23444
was published
for
org.elasticsearch:elasticsearch
(Maven)
Jul 31, 2024
Jenkins Active Directory Plugin vulnerable to Active Directory credential disclosure
Moderate
CVE-2023-37943
was published
for
org.jenkins-ci.plugins:active-directory
(Maven)
Jul 12, 2023
Jenkins Ansible Plugin stores and displays secrets in plain text
Moderate
CVE-2023-32982
was published
for
org.jenkins-ci.plugins:ansible
(Maven)
May 16, 2023
Passwords stored in plain text by Jenkins ReadyAPI Functional Testing Plugin
Moderate
CVE-2020-2250
was published
for
org.jenkins-ci.plugins:soapui-pro-functional-testing
(Maven)
May 24, 2022
Secret stored in plain text by Jenkins Parameterized Remote Trigger Plugin
Low
CVE-2020-2239
was published
for
org.jenkins-ci.plugins:Parameterized-Remote-Trigger
(Maven)
May 24, 2022
Credentials stored in plain text by Jenkins tfs Plugin
Low
CVE-2020-2249
was published
for
org.jenkins-ci.plugins:tfs
(Maven)
May 24, 2022
Cleartext Transmission of Sensitive Information in Jenkins Configuration as Code Plugin
Moderate
CVE-2019-10363
was published
for
io.jenkins:configuration-as-code
(Maven)
May 24, 2022
OpenAPI Tools OpenAPI Generator uses HTTP in various files
High
CVE-2019-11405
was published
for
org.openapitools:openapi-generator
(Maven)
May 24, 2022
Missing Encryption of Sensitive Data in Apache Guacamole
High
CVE-2018-1340
was published
for
org.apache.guacamole:guacamole-common
(Maven)
May 13, 2022
Jenkins IRC Plugin stores credentials in plain text
Low
CVE-2019-1003051
was published
for
org.jvnet.hudson.plugins:ircbot
(Maven)
May 13, 2022
Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials in plain text
Low
CVE-2019-1003052
was published
for
org.jenkins-ci.plugins:aws-beanstalk-publisher-plugin
(Maven)
May 13, 2022
Jenkins Bitbucket Approve Plugin stores credentials in plain text
Low
CVE-2019-1003057
was published
for
org.jenkins-ci.plugins:bitbucket-approve
(Maven)
May 13, 2022
Jenkins OWASP ZAP Plugin stores unencrypted credentials
Low
CVE-2019-1003060
was published
for
org.jenkins-ci.plugins:zap
(Maven)
May 13, 2022
Jenkins HockeyApp Plugin stores credentials in plain text
High
CVE-2019-1003053
was published
for
org.jenkins-ci.plugins:hockeyapp
(Maven)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API