GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
37 advisories
Filter by severity
Keycloak vulnerable to Cleartext Transmission of Sensitive Information
Moderate
CVE-2024-10973
was published
for
org.keycloak:keycloak-quarkus-server
(Maven)
Dec 18, 2024
Taipy has a Session Cookie without Secure and HTTPOnly flags
Moderate
CVE-2024-47833
was published
for
taipy
(pip)
Aug 27, 2024
Microsoft Security Advisory CVE-2024-38167 | .NET Information Disclosure Vulnerability
Moderate
CVE-2024-38167
was published
for
Microsoft.NetCore.App.Runtime.linux-arm
(NuGet)
Aug 13, 2024
Secret file credentials stored unencrypted in rare cases by Plain Credentials Plugin
Moderate
CVE-2024-39459
was published
for
org.jenkins-ci.plugins:plain-credentials
(Maven)
Jun 26, 2024
Unencrypted traffic between pods when using Wireguard and an external kvstore
Moderate
CVE-2024-25631
was published
for
github.com/cilium/cilium
(Go)
Feb 20, 2024
Unencrypted ingress/health traffic when using Wireguard transparent encryption
Moderate
CVE-2024-25630
was published
for
github.com/cilium/cilium
(Go)
Feb 20, 2024
html inputs of type password recorded in plaintext when converted to text inputs
Moderate
CVE-2023-33187
was published
for
highlight.run
(npm)
May 26, 2023
Ironic and ironic-inspector may expose as ConfigMaps
Moderate
CVE-2023-30841
was published
for
github.com/metal3-io/baremetal-operator
(Go)
Apr 26, 2023
Jenkins Kubernetes Plugin does not properly mask credentials
Moderate
CVE-2023-30513
was published
for
org.csanchez.jenkins.plugins:kubernetes
(Maven)
Apr 12, 2023
Jenkins Azure Key Vault Plugin does not properly mask credentials
Moderate
CVE-2023-30514
was published
for
org.jenkins-ci.plugins:azure-keyvault
(Maven)
Apr 12, 2023
Jenkins Thycotic DevOps Secrets Vault Plugin does not properly mask credentials
Moderate
CVE-2023-30515
was published
for
io.jenkins.plugins:thycotic-devops-secrets-vault
(Maven)
Apr 12, 2023
Cleartext Transmission of Sensitive Information in Jenkins JIRA Pipeline Steps Plugin
Moderate
CVE-2023-24440
was published
for
org.jenkins-ci.plugins:jira-steps
(Maven)
Jan 26, 2023
Apache James server allows an attacker with local access to access private user data in transit
Moderate
CVE-2022-45935
was published
for
org.apache.james:james-server
(Maven)
Jan 6, 2023
Pyload contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Moderate
CVE-2023-0055
was published
for
pyload-ng
(pip)
Jan 5, 2023
usememos/memos missing Secure cookie attribute
Moderate
CVE-2022-4683
was published
for
github.com/usememos/memos
(Go)
Dec 23, 2022
Jenkins Gitea Plugin vulnerable to Cleartext Transmission of Sensitive Information
Moderate
CVE-2022-46685
was published
for
org.jenkins-ci.plugins:gitea
(Maven)
Dec 12, 2022
Concrete CMS vulnerable to Cleartext Transmission of Sensitive Information
Moderate
CVE-2022-43691
was published
for
concrete5/concrete5
(Composer)
Nov 15, 2022
Cleartext Transmission of Sensitive Information in moment-timezone
Moderate
GHSA-v78c-4p63-2j6c
was published
for
moment-timezone
(npm)
Aug 30, 2022
Jenkins OpsGenie Plugin vulnerable to Cleartext Transmission of Sensitive Information
Moderate
CVE-2022-34804
was published
for
org.jenkins-ci.plugins:opsgenie
(Maven)
Jul 1, 2022
Information Disclosure via Export Module
Moderate
CVE-2022-31046
was published
for
typo3/cms
(Composer)
Jun 17, 2022
Kibana Sensitive Data Disclosure
Moderate
CVE-2021-37939
was published
for
kibana
(npm)
May 24, 2022
Jenkins Aqua MicroScanner Plugin showed plain text credential in configuration form
Moderate
CVE-2019-10427
was published
for
org.jenkins-ci.plugins:aqua-microscanner
(Maven)
May 24, 2022
Passwords transmitted in plain text by Jenkins ReadyAPI Functional Testing Plugin
Moderate
CVE-2020-2251
was published
for
org.jenkins-ci.plugins:soapui-pro-functional-testing
(Maven)
May 24, 2022
Missing permission checks in Jenkins P4 Plugin
Moderate
CVE-2020-2142
was published
for
org.jenkins-ci.plugins:p4
(Maven)
May 24, 2022
Jenkins SCTMExecutor Plugin stores credentials in plain text
Moderate
CVE-2019-16568
was published
for
hudson.plugins.sctmexecutor:SCTMExecutor
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API