Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,856
Erlang
36
GitHub Actions
36
Go
2,488
Maven
5,000+
npm
4,104
NuGet
735
pip
3,923
Pub
12
RubyGems
945
Rust
1,017
Swift
39
Unreviewed advisories
All unreviewed
5,000+

106 advisories

Loading
Opencast still publishes global system account credentials Moderate
CVE-2025-54380 was published for org.opencastproject:opencast-common (Maven) Jul 25, 2025
lkiesow
Jenkins Mattermost Notification Plugin contains unencrypted storage of secret token Moderate
CVE-2019-10459 was published for org.jenkins-ci.plugins:mattermost (Maven) May 24, 2022
Jenkins Credentials Binding Plugin vulnerability can expose sensitive information in logger messages Moderate
CVE-2025-53650 was published for org.jenkins-ci.plugins:credentials-binding (Maven) Jul 9, 2025
Liferay Portal and Liferay DXP Includes LDAP Credentials in the Page URL Moderate
CVE-2022-42132 was published for com.liferay.portal:release.dxp.bom (Maven) Nov 15, 2022
Jenkins Apica Loadtest Plugin vulnerability exposes authentication tokens Moderate
CVE-2025-53664 was published for com.apica:ApicaLoadtest (Maven) Jul 9, 2025
Jenkins Apica Loadtest Plugin vulnerability exposes authentication tokens Moderate
CVE-2025-53665 was published for com.apica:ApicaLoadtest (Maven) Jul 9, 2025
Jenkins IBM Cloud DevOps Plugin vulnerability exposes SonarQube authentication tokens Moderate
CVE-2025-53663 was published for com.ibm.devops:ibm-cloud-devops (Maven) Jul 9, 2025
Jenkins IFTTT Build Notifier Plugin vulnerability exposes IFTTT Maker Channel Keys Moderate
CVE-2025-53662 was published for org.jenkins-ci.plugins:ifttt-build-notifier (Maven) Jul 9, 2025
Jenkins QMetry Test Management Plugin vulnerability exposes API keys Moderate
CVE-2025-53660 was published for org.jenkins-ci.plugins:qmetry-test-management (Maven) Jul 9, 2025
Jenkins ReadyAPI Functional Testing Plugin vulnerability stores unencrypted authentication credentials Moderate
CVE-2025-53656 was published for org.jenkins-ci.plugins:soapui-pro-functional-testing (Maven) Jul 9, 2025
Jenkins Aqua Security Scanner Plugin vulnerability exposes scanner tokens Moderate
CVE-2025-53653 was published for org.jenkins-ci.plugins:aqua-security-scanner (Maven) Jul 9, 2025
Jenkins Applitools Eyes Plugin vulnerability does not mask API keys on its job configuration form Moderate
CVE-2025-53743 was published for org.jenkins-ci.plugins:applitools-eyes (Maven) Jul 9, 2025
Jenkins Dead Man's Snitch Plugin vulnerability stores tokens in plain text Moderate
CVE-2025-53666 was published for org.jenkins-ci.plugins:deadmanssnitch (Maven) Jul 9, 2025
Jenkins Dead Man's Snitch Plugin vulnerability does not mask tokens Moderate
CVE-2025-53667 was published for org.jenkins-ci.plugins:deadmanssnitch (Maven) Jul 9, 2025
Jenkins ReadyAPI Functional Testing Plugin vulnerability exposes secrets Moderate
CVE-2025-53657 was published for org.jenkins-ci.plugins:soapui-pro-functional-testing (Maven) Jul 9, 2025
Jenkins Statistics Gatherer Plugin vulnerability exposes AWS Secret Key Moderate
CVE-2025-53654 was published for org.jenkins.plugins.statistics.gatherer:statistics-gatherer (Maven) Jul 9, 2025
Liferay Portal and Liferay DXP May Reveal S3 Store's Proxy Password Moderate
CVE-2021-29043 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Jenkins allows Administrators to Access API Tokens Moderate
CVE-2015-5323 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Jenkins Credentials Binding Plugin Stores Passwords in a Recoverable Format Moderate
CVE-2019-1010241 was published for org.jenkins-ci.plugins:credentials-binding (Maven) May 24, 2022
Eclipse Dataspace Components vulnerable to OAuth2 client secret disclosure Moderate
CVE-2024-4536 was published for org.eclipse.edc:connector-core (Maven) May 7, 2024
Jenkins Azure VM Agents Plugin missing permission checks Moderate
CVE-2023-32988 was published for org.jenkins-ci.plugins:azure-vm-agents (Maven) May 16, 2023
Password stored in a recoverable format by Jenkins OpenId Connect Authentication Plugin Moderate
CVE-2023-50770 was published for org.jenkins-ci.plugins:oic-auth (Maven) Dec 13, 2023
westonsteimel
Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission Moderate
CVE-2024-47805 was published for org.jenkins-ci.plugins:credentials (Maven) Oct 2, 2024
Apereo CAS vulnerable to credential leaks for LDAP authentication Moderate
CVE-2023-28857 was published for org.apereo.cas:cas-server-support-x509-core (Maven) Aug 5, 2024
Jenkins TestFairy Plugin stores credentials in plain text Moderate
CVE-2019-1003096 was published for org.jenkins-ci.plugins:TestFairy (Maven) May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database