GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,713
NuGet
661
pip
3,386
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
31 advisories
Filter by severity
Jenkins Code Dx Plugin stores API keys in plain text
Moderate
CVE-2023-2632
was published
for
org.jenkins-ci.plugins:codedx
(Maven)
May 16, 2023
Jenkins Code Dx Plugin displays API keys in plain text
Moderate
CVE-2023-2633
was published
for
org.jenkins-ci.plugins:codedx
(Maven)
May 16, 2023
Credentials stored in plain text by Jenkins Copr Plugin
Moderate
CVE-2020-2177
was published
for
org.fedoraproject.jenkins.plugins:copr
(Maven)
May 24, 2022
Password stored in plain text by Parasoft Environment Manager Plugin
Moderate
CVE-2020-2132
was published
for
com.parasoft:environment-manager
(Maven)
May 24, 2022
Plaintext Storage of a Password in Jenkins Configuration as Code Plugin
Moderate
CVE-2019-10345
was published
for
io.jenkins:configuration-as-code
(Maven)
May 24, 2022
Plaintext Storage of a Password in Jenkins NS-ND Integration Performance Publisher Plugin
Moderate
CVE-2022-45392
was published
for
io.jenkins.plugins:cavisson-ns-nd-integration
(Maven)
Nov 16, 2022
Jenkins Reverse Proxy Auth Plugin vulnerable due to plaintext storage of passwords
Moderate
CVE-2022-45384
was published
for
org.jenkins-ci.main:reverse-proxy-auth-plugin
(Maven)
Nov 16, 2022
Jenkins OpsGenie Plugin Plaintext Storage of a Password vulnerability
Moderate
CVE-2022-34803
was published
for
org.jenkins-ci.plugins:opsgenie
(Maven)
Jul 1, 2022
Plaintext storage in Jenkins instant-messaging Plugin
Moderate
CVE-2022-28135
was published
for
org.jvnet.hudson.plugins:instant-messaging
(Maven)
Mar 30, 2022
Password stored in plain text by Jenkins Nomad Plugin
Moderate
CVE-2021-21681
was published
for
org.jenkins-ci.plugins:nomad
(Maven)
May 24, 2022
Passwords stored in plain text by Jenkins ReadyAPI Functional Testing Plugin
Moderate
CVE-2020-2250
was published
for
org.jenkins-ci.plugins:soapui-pro-functional-testing
(Maven)
May 24, 2022
Secret stored in plain text by Jenkins Slack Upload Plugin
Moderate
CVE-2020-2208
was published
for
org.jenkins-ci.plugins:slack-uploader
(Maven)
May 24, 2022
Secret stored in plain text by Jenkins GitHub Coverage Reporter Plugin
Moderate
CVE-2020-2212
was published
for
io.jenkins.plugins:github-coverage-reporter
(Maven)
May 24, 2022
Password stored in plain text by Jenkins TestComplete support Plugin
Moderate
CVE-2020-2209
was published
for
org.jenkins-ci.plugins:TestComplete
(Maven)
May 24, 2022
Credentials stored in plain text by Jenkins White Source Plugin
Moderate
CVE-2020-2213
was published
for
org.jenkins-ci.plugins:whitesource
(Maven)
May 24, 2022
Password stored in plain text by Dynamic Extended Choice Parameter Plugin
Moderate
CVE-2020-2124
was published
for
com.moded.extendedchoiceparameter:dynamic_extended_choice_parameter
(Maven)
May 24, 2022
Password stored in plain text by ECX Copy Data Management Plugin
Moderate
CVE-2020-2128
was published
for
com.catalogic.ecxjenkins:catalogic-ecx
(Maven)
May 24, 2022
Passwords stored in plain text by Harvest SCM Plugin
Moderate
CVE-2020-2131
was published
for
org.jenkins-ci.plugins:harvest
(Maven)
May 24, 2022
Passwords stored in plain text by Harvest SCM Plugin
Moderate
CVE-2020-2130
was published
for
org.jenkins-ci.plugins:harvest
(Maven)
May 24, 2022
API keys stored in plain text by Jenkins Katalon Plugin
Moderate
CVE-2022-43419
was published
for
org.jenkins-ci.plugins:katalon
(Maven)
Oct 19, 2022
Personal tokens stored in plain text by Jenkins incapptic connect uploader Plugin
Moderate
CVE-2022-27218
was published
for
com.incapptic.plugins:incapptic-connect-uploader
(Maven)
Mar 16, 2022
Jenkins Gem Publisher Plugin stores credentials as plaintext
Moderate
CVE-2019-10426
was published
for
net.arangamani.jenkins:gem-publisher
(Maven)
May 24, 2022
Plaintext Storage of a Password in Jenkins Convertigo Mobile Platform Plugin
Moderate
CVE-2022-34199
was published
for
com.convertigo.jenkins.plugins:convertigo-mobile-platform
(Maven)
Jun 24, 2022
Plaintext Storage of a Password in Jenkins TestQuality Updater Plugin
Moderate
CVE-2023-24454
was published
for
org.jenkins-ci.plugins:testquality-updater
(Maven)
Jan 26, 2023
Plaintext Storage of a Password in Jenkins JIRA Pipeline Steps Plugin
Moderate
CVE-2023-24439
was published
for
org.jenkins-ci.plugins:jira-steps
(Maven)
Jan 26, 2023
ProTip!
Advisories are also available from the
GraphQL API