Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,747
Erlang
29
GitHub Actions
16
Go
1,710
Maven
4,946
npm
3,474
NuGet
605
pip
3,001
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

60 advisories

Path traversal in Jenkins Mercurial Plugin Low
CVE-2022-30948 was published for org.jenkins-ci.plugins:mercurial (Maven) May 18, 2022
NotMyFault
Passwords transmitted in plain text by Jenkins Stash Branch Parameter Plugin Low
CVE-2020-2210 was published for org.jenkins-ci.plugins:StashBranchParameter (Maven) May 24, 2022
NotMyFault
Credentials transmitted in plain text by Jenkins DeployHub Plugin Low
CVE-2020-2156 was published for com.openmake:deployhub (Maven) May 24, 2022
NotMyFault
Credentials transmitted in plain text by Skytap Cloud CI Plugin Low
CVE-2020-2157 was published for org.jenkins-ci.plugins:skytap (Maven) May 24, 2022
NotMyFault
Jenkins Quality Gates Plugin transmits credentials in plain text during configuration Low
CVE-2020-2151 was published for org.jenkins-ci.plugins:quality-gates (Maven) May 24, 2022
NotMyFault
Jenkins Sonar Quality Gates Plugin transmits credentials in plain text during configuration Low
CVE-2020-2150 was published for org.jenkins-ci.plugins:sonar-quality-gates (Maven) May 24, 2022
NotMyFault
Credentials transmitted in plain text by OpenShift Deployer Plugin Low
CVE-2020-2155 was published for org.jenkins-ci.plugins:openshift-deployer (Maven) May 24, 2022
NotMyFault
Credentials transmitted in plain text by Repository Connector Plugin Low
CVE-2020-2149 was published for org.jenkins-ci.plugins:repository-connector (Maven) May 24, 2022
NotMyFault
Password stored in plain text by Jenkins VMware Lab Manager Slaves Plugin Low
CVE-2020-2319 was published for org.jenkins-ci.plugins:labmanager (Maven) May 24, 2022
NotMyFault
Password stored in plain text by Jenkins AppSpider Plugin Low
CVE-2020-2314 was published for com.rapid7:jenkinsci-appspider-plugin (Maven) May 24, 2022
NotMyFault
Squash TM Publisher (Squash4Jenkins) Plugin stores passwords stored in plain text Low
CVE-2022-34213 was published for org.jenkins-ci.plugins:squashtm-publisher (Maven) Jun 24, 2022
westonsteimel NotMyFault
User passwords stored in plain text by Jenkins EasyQA Plugin Low
CVE-2022-34202 was published for com.geteasyqa:easyqa (Maven) Jun 24, 2022
NotMyFault
Non-constant time webhook token comparison in Jenkins Generic Webhook Trigger Plugin Low
CVE-2022-43412 was published for org.jenkins-ci.plugins:generic-webhook-trigger (Maven) Oct 19, 2022
NotMyFault
AWS secrets displayed without masking by Jenkins S3 Explorer Plugin Low
CVE-2022-43426 was published for io.jenkins.plugins:s3explorer (Maven) Oct 19, 2022
NotMyFault
Token stored in plain text by Jenkins Cisco Spark Plugin Low
CVE-2022-34808 was published for org.jenkins-ci.plugins:cisco-spark (Maven) Jul 1, 2022
NotMyFault
Jenkins BigPanda Notifier Plugin Missing Password Field Masking Low
CVE-2022-41248 was published for org.jenkins-ci.plugins:bigpanda-jenkins (Maven) Sep 22, 2022
NotMyFault
Jenkins BigPanda Notifier Plugin stores BigPanda API key unencrypted Low
CVE-2022-41247 was published for org.jenkins-ci.plugins:bigpanda-jenkins (Maven) Sep 22, 2022
NotMyFault
Client Secret stored in plain text by Jenkins GitLab Authentication Plugin Low
CVE-2022-27206 was published for org.jenkins-ci.plugins:gitlab-oauth (Maven) Mar 16, 2022
NotMyFault
Improper Synchronization in Jenkins Convertigo Mobile Platform Plugin Low
CVE-2022-25210 was published for com.convertigo.jenkins.plugins:convertigo-mobile-platform (Maven) Feb 16, 2022
NotMyFault
Agent-to-controller security bypass in Jenkins HashiCorp Vault Plugin Low
CVE-2022-25186 was published for com.datapipe.jenkins.plugins:hashicorp-vault-plugin (Maven) Feb 16, 2022
NotMyFault
API token stored in plain text by Jenkins CONS3RT Plugin Low
CVE-2022-41255 was published for org.jenkins-ci.plugins:cons3rt (Maven) Sep 22, 2022
NotMyFault
Plaintext Storage of a Password in Jenkins Elasticsearch Query Plugin Low
CVE-2022-34807 was published for org.jenkins-ci.plugins:elasticsearch-query (Maven) Jul 1, 2022
NotMyFault
RabbitMQ password stored in plain text by Jenkins CollabNet Plugins Plugin Low
CVE-2022-38665 was published for org.jenkins-ci.plugins:collabnet (Maven) Aug 24, 2022
NotMyFault
Credentials stored in plain text by Zephyr Enterprise Test Management Plugin Low
CVE-2020-2145 was published for org.jenkins-ci.plugins:zephyr-enterprise-test-management (Maven) May 24, 2022
NotMyFault
Credential stored in plain text by BMC Release Package and Deployment Plugin Low
CVE-2020-2127 was published for RPD:bmc-rpd (Maven) May 24, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API