Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+

269 advisories

Loading
Credentials transmitted in plain text by OpenShift Deployer Plugin Low
CVE-2020-2155 was published for org.jenkins-ci.plugins:openshift-deployer (Maven) May 24, 2022
NotMyFault
Jenkins Zephyr for JIRA Test Management Plugin stores credentials in plain text Low
CVE-2020-2154 was published for org.jenkins-ci.plugins:zephyr-for-jira-test-management (Maven) May 24, 2022
NotMyFault
Jenkins Quality Gates Plugin transmits credentials in plain text during configuration Low
CVE-2020-2151 was published for org.jenkins-ci.plugins:quality-gates (Maven) May 24, 2022
NotMyFault
Jenkins Sonar Quality Gates Plugin transmits credentials in plain text during configuration Low
CVE-2020-2150 was published for org.jenkins-ci.plugins:sonar-quality-gates (Maven) May 24, 2022
NotMyFault
Credentials transmitted in plain text by Repository Connector Plugin Low
CVE-2020-2149 was published for org.jenkins-ci.plugins:repository-connector (Maven) May 24, 2022
NotMyFault
Credentials transmitted in plain text by Jenkins Logstash Plugin Low
CVE-2020-2143 was published for org.jenkins-ci.plugins:logstash (Maven) May 24, 2022
NotMyFault
Credentials stored in plain text by Zephyr Enterprise Test Management Plugin Low
CVE-2020-2145 was published for org.jenkins-ci.plugins:zephyr-enterprise-test-management (Maven) May 24, 2022
NotMyFault
Credentials stored in plain text by debian-package-builder Plugin Low
CVE-2020-2125 was published for ru.yandex.jenkins.plugins.debuilder:debian-package-builder (Maven) May 24, 2022
NotMyFault
Credential stored in plain text by BMC Release Package and Deployment Plugin Low
CVE-2020-2127 was published for RPD:bmc-rpd (Maven) May 24, 2022
NotMyFault
Token stored in plain text by DigitalOcean Plugin Low
CVE-2020-2126 was published for com.dubture.jenkins:digitalocean-plugin (Maven) May 24, 2022
NotMyFault
Jenkins S3 Publisher Plugin transmits credentials in plain text during configuration Low
CVE-2020-2114 was published for org.jenkins-ci.plugins:s3 (Maven) May 24, 2022
NotMyFault
Client secret transmitted in plain text by Azure AD Plugin Low
CVE-2020-2119 was published for org.jenkins-ci.plugins:azure-ad (Maven) May 24, 2022
NotMyFault
Jenkins REST APIs vulnerable to clickjacking Low
CVE-2020-2105 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Jenkins Amazon EC2 Plugin Low
CVE-2020-2090 was published for org.jenkins-ci.plugins:ec2 (Maven) May 24, 2022
NotMyFault
Jenkins Weibo Plugin stores credentials unencrypted in its global configuration file Low
CVE-2019-16572 was published for org.jenkins-ci.plugins:weibo (Maven) May 24, 2022
Plaintext Storage in Jenkins Spira Importer Plugin Low
CVE-2019-16543 was published for com.inflectra.spiratest.plugins:inflectra-spira-integration (Maven) May 24, 2022
Jenkins QMetry for JIRA Plugin shows plain text password in configuration form Low
CVE-2019-16545 was published for org.jenkins-ci.plugins:qmetry-for-jira-test-management (Maven) May 24, 2022
Cleartext Storage of Sensitive Information in Jenkins ElasticBox CI Plugin Low
CVE-2019-10450 was published for com.elasticbox.jenkins-ci.plugins:elasticbox (Maven) May 24, 2022
Jenkins LDAP Email Plugin shows plain text password in configuration form Low
CVE-2019-10434 was published for com.mtvi.plateng.hudson:ldapemail (Maven) May 24, 2022
DingTalk Plugin stores credentials in plain text Low
CVE-2019-10433 was published for io.jenkins.plugins:dingding-notifications (Maven) May 24, 2022
Jenkins elOyente Plugin has Insufficiently Protected Credentials Low
CVE-2019-10424 was published for com.technicolor:elOyente (Maven) May 24, 2022
Jenkins vFabric Application Director Plugin Insufficiently Protected Credentials Low
CVE-2019-10419 was published for org.jenkins-ci.plugins:application-director-plugin (Maven) May 24, 2022
Jenkins CodeScan Plugin has Insufficiently Protected Credentials Low
CVE-2019-10423 was published for com.villagechief.codescan.jenkins:codescan (Maven) May 24, 2022
Jenkins Assembla Plugin has Insufficiently Protected Credentials Low
CVE-2019-10420 was published for org.jenkins-ci.plugins:assembla (Maven) May 24, 2022
Jenkins Inedo ProGet Plugin Plugin has Cleartext Transmission of Sensitive Information Low
CVE-2019-10412 was published for com.inedo.proget:inedo-proget (Maven) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database