Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,952
Erlang
39
GitHub Actions
38
Go
2,612
Maven
5,000+
npm
4,252
NuGet
760
pip
4,027
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

201 advisories

Loading
Jenkins Gitlab Hook Plugin stores and displays GitLab API token in plain text Moderate
CVE-2018-1000196 was published for org.jenkins-ci.ruby-plugins:gitlab-hook (Maven) May 14, 2022
Exposure of sensitive information vulnerability in Jenkins Black Duck Hub Plugin Moderate
CVE-2018-1000190 was published for com.blackducksoftware.integration:blackduck-hub (Maven) May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins SSH Credentials Plugin Moderate
CVE-2018-1000601 was published for org.jenkins-ci.plugins:credentials (Maven) May 14, 2022
Jenkins Configuration as Code Plugin vulnerable to Exposure of Sensitive Information Moderate
CVE-2018-1000609 was published for io.jenkins:configuration-as-code (Maven) May 14, 2022
Exposure of sensitive information vulnerability Moderate
CVE-2018-1999041 was published for com.tinfoilsecurity.plugins:tinfoil-scan (Maven) May 14, 2022
XWork in Apache Struts Reveals Sensitive Information Moderate
CVE-2011-2088 was published for org.apache.struts.xwork:xwork-core (Maven) May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in SonarSource SonarQube API Moderate
CVE-2018-19413 was published for org.sonarsource.sonarqube:sonar-plugin-api (Maven) May 14, 2022
MarkLee131
Credited to MarkLee131
Insertion of Sensitive Information into Log File in Apache Tomcat Moderate
CVE-2011-2204 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Credited to sunSUNQ
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat Moderate
CVE-2013-4590 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Credited to sunSUNQ
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat Moderate
CVE-2016-0706 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
Jenkins Black Duck Detect Plugin information exposure vulnerability Moderate
CVE-2018-1000191 was published for com.synopsys.integration:synopsys-detect (Maven) May 14, 2022
q5438722
Credited to q5438722
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Moderate
CVE-2018-1999006 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Moderate
CVE-2018-1999046 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Moderate
CVE-2017-1000399 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Moderate
CVE-2018-1000862 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Moderate
CVE-2017-1000395 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Moderate
CVE-2017-1000398 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Jenkins Deploy to container Plugin stored plain text passwords in job configuration Moderate
CVE-2017-1000113 was published for org.jenkins-ci.plugins:deploy (Maven) May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Moderate
CVE-2018-1000169 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin CSRF vulnerability and missing permission checks Moderate
CVE-2018-1999030 was published for org.jenkins-ci.plugins:maven-artifact-choicelistprovider (Maven) May 13, 2022
Jenkins Perforce Plugin uses ineffective credentials encryption Moderate
CVE-2018-1000145 was published for org.jvnet.hudson.plugins:perforce (Maven) May 13, 2022
Apache Geode vulnerable to Exposure of Sensitive Information Moderate
CVE-2017-9797 was published for org.apache.geode:geode-core (Maven) May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Oracle MySQL Connectors Java Moderate
CVE-2017-3586 was published for mysql:mysql-connector-java (Maven) May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Moderate
CVE-2017-2600 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Moderate
CVE-2017-2606 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database