Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,293
Erlang
31
GitHub Actions
21
Go
2,061
Maven
5,000+
npm
3,744
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

107 advisories

Loading
Secrets are not masked by Jenkins Credentials Binding Plugin in builds without build steps Moderate
CVE-2020-2181 was published for org.jenkins-ci.plugins:credentials-binding (Maven) May 24, 2022
NotMyFault
Password stored in plain text by Applatix Plugin Moderate
CVE-2020-2133 was published for com.applatix.jenkins:applatix (Maven) May 24, 2022
NotMyFault
Passwords stored in plain text by Harvest SCM Plugin Moderate
CVE-2020-2131 was published for org.jenkins-ci.plugins:harvest (Maven) May 24, 2022
NotMyFault
Passwords stored in plain text by Harvest SCM Plugin Moderate
CVE-2020-2130 was published for org.jenkins-ci.plugins:harvest (Maven) May 24, 2022
NotMyFault
Plaintext Storage of a Password in Jenkins Eagle Tester Plugin Moderate
CVE-2020-2129 was published for com.mobileenerlytics.eagle.tester:eagle-tester (Maven) May 24, 2022
Password stored in plain text by Parasoft Environment Manager Plugin Moderate
CVE-2020-2132 was published for com.parasoft:environment-manager (Maven) May 24, 2022
NotMyFault
Password stored in plain text by Dynamic Extended Choice Parameter Plugin Moderate
CVE-2020-2124 was published for com.moded.extendedchoiceparameter:dynamic_extended_choice_parameter (Maven) May 24, 2022
NotMyFault
Password stored in plain text by ECX Copy Data Management Plugin Moderate
CVE-2020-2128 was published for com.catalogic.ecxjenkins:catalogic-ecx (Maven) May 24, 2022
NotMyFault
Fortify Plugin stored credentials in plain text Moderate
CVE-2020-2107 was published for org.jenkins-ci.plugins:fortify (Maven) May 24, 2022
NotMyFault
Redgate SQL Change Automation Plugin stored credentials in plain text Moderate
CVE-2020-2095 was published for com.redgate.plugins.redgatesqlci:redgate-sql-ci (Maven) May 24, 2022
NotMyFault
Jenkins Redgate SQL Change Automation Plugin has Insufficiently Protected Credentials Moderate
CVE-2019-16557 was published for com.redgate.plugins.redgatesqlci:redgate-sql-ci (Maven) May 24, 2022
Jenkins Rundeck Plugin stored credentials in plain text Moderate
CVE-2019-16556 was published for org.jenkins-ci.plugins:rundeck (Maven) May 24, 2022
Jenkins QMetry for JIRA Plugin stored credentials in plain text Moderate
CVE-2019-16544 was published for org.jenkins-ci.plugins:qmetry-for-jira-test-management (Maven) May 24, 2022
Jenkins Anchore Container Scanner Plugin vulnerable to Insufficiently Protected Credentials Moderate
CVE-2019-16542 was published for org.jenkins-ci.plugins:anchore-container-scanner (Maven) May 24, 2022
Jenkins Sonar Gerrit Plugin stores credentials unencrypted Moderate
CVE-2019-10467 was published for org.jenkins-ci.plugins:sonar-gerrit (Maven) May 24, 2022
Jenkins Mattermost Notification Plugin contains unencrypted storage of secret token Moderate
CVE-2019-10459 was published for org.jenkins-ci.plugins:mattermost (Maven) May 24, 2022
Jenkins Google Calendar Plugin has Insufficiently Protected Credentials Moderate
CVE-2019-10425 was published for org.jenkins-ci.plugins:gcal (Maven) May 24, 2022
Jenkins Violation Comments to GitLab Plugin has Insufficiently Protected Credentials Moderate
CVE-2019-10415 was published for org.jenkins-ci.plugins:violation-comments-to-gitlab (Maven) May 24, 2022
Jenkins Git Changelog Plugin has Insufficiently Protected Credentials Moderate
CVE-2019-10414 was published for de.wellnerbou.jenkins:git-changelog (Maven) May 24, 2022
Violation Comments to GitLab Plugin has Insufficiently Protected Credentials Moderate
CVE-2019-10416 was published for org.jenkins-ci.plugins:violation-comments-to-gitlab (Maven) May 24, 2022
Jenkins Azure Event Grid Build Notifier Plugin has Insufficiently Protected Credentials Moderate
CVE-2019-10421 was published for org.jenkins-ci.plugins:azure-event-grid-notifier (Maven) May 24, 2022
Jenkins Call Remote Job Plugin has Insufficiently Protected Credentials Moderate
CVE-2019-10422 was published for org.ukiuni.callOtherJenkins:call-remote-job-plugin (Maven) May 24, 2022
Jenkins Data Theorem Mobile Security: CI/CD Plugin has Insufficiently Protected Credentials Moderate
CVE-2019-10413 was published for com.datatheorem.mobileappsecurity.jenkins.plugin:datatheorem-mobile-app-security (Maven) May 24, 2022
Jenkins eggplant-plugin Plugin stores credentials in plain text Moderate
CVE-2019-10385 was published for org.jenkins-ci.plugins:eggplant-plugin (Maven) May 24, 2022
Jenkins Google Cloud Messaging Notification Plugin stores credentials in plain text Moderate
CVE-2019-10379 was published for org.jenkins-ci.plugins:gcm-notification (Maven) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database