GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
34 advisories
Filter by severity
[PUNCIA] [CWE-319] Cleartext Transmission of Sensitive Information via HTTP urls in `API_URLS`
Low
CVE-2024-41124
was published
for
puncia
(pip)
Jul 19, 2024
An insecure connection between Systems Manager and CQI Reporter application could expose infusion...
Low
Unreviewed
CVE-2023-30565
was published
Jul 13, 2023
Jenkins Aqua Security Serverless Scanner Plugin showed plain text password in job configuration form fields
Low
CVE-2019-10397
was published
for
org.jenkins-ci.plugins:aqua-serverless
(Maven)
May 24, 2022
Sametime is impacted by sensitive information passed in URL.
Low
Unreviewed
CVE-2023-45716
was published
Feb 10, 2024
make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command...
Low
Unreviewed
CVE-2007-5626
was published
May 1, 2022
Jenkins S3 Publisher Plugin transmits credentials in plain text during configuration
Low
CVE-2020-2114
was published
for
org.jenkins-ci.plugins:s3
(Maven)
May 24, 2022
Jenkins Email Extension Plugin SMTP password transmitted and displayed in plain text
Low
CVE-2020-2232
was published
for
org.jenkins-ci.plugins:email-ext
(Maven)
May 24, 2022
Credentials transmitted in plain text by Jenkins Logstash Plugin
Low
CVE-2020-2143
was published
for
org.jenkins-ci.plugins:logstash
(Maven)
May 24, 2022
Credentials transmitted in plain text by Backlog Plugin
Low
CVE-2020-2153
was published
for
org.jenkins-ci.plugins:backlog
(Maven)
May 24, 2022
Jenkins Inedo ProGet Plugin Plugin has Cleartext Transmission of Sensitive Information
Low
CVE-2019-10412
was published
for
com.inedo.proget:inedo-proget
(Maven)
May 24, 2022
Cleartext Storage of Sensitive Information in Jenkins Build Notifications Plugin
Low
CVE-2022-34801
was published
for
tools.devnull:build-notifications
(Maven)
Jul 1, 2022
A vulnerability has been identified in COMOS (All versions < V10.4.4). Caching system in the...
Low
Unreviewed
CVE-2023-43503
was published
Nov 14, 2023
A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the...
Low
Unreviewed
CVE-2023-5035
was published
Nov 2, 2023
A vulnerability was found in Delta Electronics WPLSoft 2.51. It has been classified as...
Low
Unreviewed
CVE-2023-5461
was published
Oct 9, 2023
A vulnerability was found in Intergard SGS 8.7.0. It has been declared as problematic. This...
Low
Unreviewed
CVE-2023-3763
was published
Jul 19, 2023
A vulnerability was found in Intergard SGS 8.7.0 and classified as problematic. Affected by this...
Low
Unreviewed
CVE-2023-3761
was published
Jul 19, 2023
Jenkins QMetry for JIRA Plugin shows plain text password in configuration form
Low
CVE-2019-16545
was published
for
org.jenkins-ci.plugins:qmetry-for-jira-test-management
(Maven)
May 24, 2022
Jenkins Inedo BuildMaster Plugin showed plain text password in configuration form
Low
CVE-2019-10411
was published
for
com.inedo.proget:inedo-proget
(Maven)
May 24, 2022
Passwords transmitted in plain text by Jenkins Artifactory Plugin
Low
CVE-2020-2165
was published
for
org.jenkins-ci.plugins:artifactory
(Maven)
May 24, 2022
Exposure of Sensitive Information in Samsung Dialer application?prior to SMR Aug-2022 Release 1...
Low
Unreviewed
CVE-2022-33724
was published
Aug 6, 2022
BIOTRONIK CardioMessenger II, The affected products transmit credentials in clear-text prior to...
Low
Unreviewed
CVE-2019-18248
was published
May 24, 2022
Credentials transmitted in plain text by Repository Connector Plugin
Low
CVE-2020-2149
was published
for
org.jenkins-ci.plugins:repository-connector
(Maven)
May 24, 2022
Credentials transmitted in plain text by OpenShift Deployer Plugin
Low
CVE-2020-2155
was published
for
org.jenkins-ci.plugins:openshift-deployer
(Maven)
May 24, 2022
Free5gc v3.2.1 is vulnerable to Information disclosure.
Low
Unreviewed
CVE-2022-38870
was published
Oct 25, 2022
Jenkins Sonar Quality Gates Plugin transmits credentials in plain text during configuration
Low
CVE-2020-2150
was published
for
org.jenkins-ci.plugins:sonar-quality-gates
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API