GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
666
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
37 advisories
Filter by severity
Django Incorrect HTTP detection with reverse-proxy connecting via HTTPS
Moderate
CVE-2019-12781
was published
for
Django
(pip)
Jul 3, 2019
Remote Code Execution and download tracking in Mintegral SDK
Moderate
CVE-2020-7744
was published
for
com.mintegral.msdk:alphab
(Maven)
Apr 22, 2021
Source code is downloaded over cleartext HTTP in portaudio
Moderate
CVE-2016-10933
was published
for
portaudio
(Rust)
Aug 25, 2021
User passwords transmitted in plain text by Jenkins Active Directory Plugin
Moderate
CVE-2022-23105
was published
for
org.jenkins-ci.plugins:active-directory
(Maven)
Jan 13, 2022
"catalog's registry v2 api exposed on unauthenticated path in Harbor"
Moderate
CVE-2020-29662
was published
for
github.com/goharbor/harbor
(Go)
Feb 12, 2022
Jenkins Pipeline: Groovy Plugin has Insufficiently Protected Credentials
Moderate
CVE-2022-25180
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
Feb 16, 2022
Cleartext Transmission of Sensitive Information in Apache CXF
Moderate
CVE-2014-0035
was published
for
org.apache.cxf:cxf-core
(Maven)
May 13, 2022
Insecure transport protocol in Gradle
Moderate
CVE-2019-11065
was published
for
org.gradle:gradle-core
(Maven)
May 13, 2022
TYPO3 Information Disclosure Vulnerability
Moderate
CVE-2017-6370
was published
for
typo3/cms
(Composer)
May 13, 2022
Cleartext Transmission of Sensitive Information in Jenkins Configuration as Code Plugin
Moderate
CVE-2019-10363
was published
for
io.jenkins:configuration-as-code
(Maven)
May 24, 2022
Insertion of Sensitive Information into Log File in Jenkins Mask Passwords Plugin
Moderate
CVE-2019-10370
was published
for
org.jenkins-ci.plugins:mask-passwords
(Maven)
May 24, 2022
Jenkins IBM AppScan Plugin showed plain text password in job configuration form fields
Moderate
CVE-2019-10391
was published
for
com.hcl.security:ibm-application-security
(Maven)
May 24, 2022
Jenkins SCTMExecutor Plugin stores credentials in plain text
Moderate
CVE-2019-16568
was published
for
hudson.plugins.sctmexecutor:SCTMExecutor
(Maven)
May 24, 2022
Missing permission checks in Jenkins P4 Plugin
Moderate
CVE-2020-2142
was published
for
org.jenkins-ci.plugins:p4
(Maven)
May 24, 2022
Passwords transmitted in plain text by Jenkins ReadyAPI Functional Testing Plugin
Moderate
CVE-2020-2251
was published
for
org.jenkins-ci.plugins:soapui-pro-functional-testing
(Maven)
May 24, 2022
Jenkins Aqua MicroScanner Plugin showed plain text credential in configuration form
Moderate
CVE-2019-10427
was published
for
org.jenkins-ci.plugins:aqua-microscanner
(Maven)
May 24, 2022
Kibana Sensitive Data Disclosure
Moderate
CVE-2021-37939
was published
for
kibana
(npm)
May 24, 2022
Information Disclosure via Export Module
Moderate
CVE-2022-31046
was published
for
typo3/cms
(Composer)
Jun 17, 2022
Jenkins OpsGenie Plugin vulnerable to Cleartext Transmission of Sensitive Information
Moderate
CVE-2022-34804
was published
for
org.jenkins-ci.plugins:opsgenie
(Maven)
Jul 1, 2022
Cleartext Transmission of Sensitive Information in moment-timezone
Moderate
GHSA-v78c-4p63-2j6c
was published
for
moment-timezone
(npm)
Aug 30, 2022
Concrete CMS vulnerable to Cleartext Transmission of Sensitive Information
Moderate
CVE-2022-43691
was published
for
concrete5/concrete5
(Composer)
Nov 15, 2022
Jenkins Gitea Plugin vulnerable to Cleartext Transmission of Sensitive Information
Moderate
CVE-2022-46685
was published
for
org.jenkins-ci.plugins:gitea
(Maven)
Dec 12, 2022
usememos/memos missing Secure cookie attribute
Moderate
CVE-2022-4683
was published
for
github.com/usememos/memos
(Go)
Dec 23, 2022
Pyload contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Moderate
CVE-2023-0055
was published
for
pyload-ng
(pip)
Jan 5, 2023
Apache James server allows an attacker with local access to access private user data in transit
Moderate
CVE-2022-45935
was published
for
org.apache.james:james-server
(Maven)
Jan 6, 2023
ProTip!
Advisories are also available from the
GraphQL API