GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
38 advisories
Filter by severity
Quarkus CXF logs passwords and other secrets
Moderate
CVE-2024-9621
was published
for
io.quarkiverse.cxf:quarkus-cxf
(Maven)
Oct 8, 2024
Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged
Moderate
CVE-2023-50740
was published
for
org.apache.linkis:linkis
(Maven)
Mar 6, 2024
Jberet: jberet-core logging database credentials
Moderate
CVE-2024-1102
was published
for
org.jberet:jberet-core
(Maven)
Apr 25, 2024
Improper masking of credentials in Jenkins Pipeline Maven Integration Plugin
Moderate
CVE-2023-41934
was published
for
org.jenkins-ci.plugins:pipeline-maven
(Maven)
Sep 6, 2023
Elasticsearch Insertion of Sensitive Information into Log File
Moderate
CVE-2023-49921
was published
for
org.elasticsearch:elasticsearch
(Maven)
Jul 26, 2024
Bitbucket OAuth access token exposed in the build log by Bitbucket Branch Source Plugin
Moderate
CVE-2024-39460
was published
for
org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source
(Maven)
Jun 26, 2024
SonarQube logs sensitive information
Moderate
CVE-2024-38460
was published
for
org.sonarsource.sonarqube:sonar-web
(Maven)
Jun 16, 2024
Keycloak leaks sensitive information in logged exceptions
Moderate
CVE-2020-1698
was published
for
org.keycloak:keycloak-core
(Maven)
May 24, 2022
Insertion of Sensitive Information into Log File in Apache Tomcat
Moderate
CVE-2011-2204
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Insertion of Sensitive Information into Log File in OWASP DependencyCheck
Moderate
CVE-2024-23686
was published
for
org.owasp:dependency-check-ant
(Maven)
Jan 20, 2024
nvdApiKey is logged in debug mode
Low
GHSA-qqhq-8r2c-c3f5
was published
for
org.owasp:dependency-check-ant
(Maven)
Dec 15, 2023
Insertion of Sensitive Information into Log File in Jenkins Configuration as Code Plugin
Moderate
CVE-2019-10343
was published
for
io.jenkins:configuration-as-code
(Maven)
May 24, 2022
Jenkins SSH Agent Plugin exposes SSH private key password to users with permission to read the build log
Low
CVE-2018-1999036
was published
for
org.jenkins-ci.plugins:ssh-agent
(Maven)
May 13, 2022
Maven Integration Plugin did not mask sensitive values in module build logs
Moderate
CVE-2019-10358
was published
for
org.jenkins-ci.main:maven-plugin
(Maven)
May 24, 2022
Plaintext Storage of a Password in Jenkins Configuration as Code Plugin
Moderate
CVE-2019-10345
was published
for
io.jenkins:configuration-as-code
(Maven)
May 24, 2022
Sensitive parameter values captured in build metadata files by Jenkins Parameterized Trigger Plugin
Low
CVE-2022-27195
was published
for
org.jenkins-ci.plugins:parameterized-trigger
(Maven)
Mar 16, 2022
Insertion of Sensitive Information into Log File in Jenkins Configuration as Code Plugin
Moderate
CVE-2019-10367
was published
for
io.jenkins:configuration-as-code
(Maven)
May 24, 2022
Elasticsearch allows insertion of sensitive information into log files when using deprecated URIs
Moderate
CVE-2023-31417
was published
for
org.elasticsearch:elasticsearch
(Maven)
Oct 26, 2023
Lightbend Alpakka Kafka logs credentials on debug level
Moderate
CVE-2023-29471
was published
for
com.typesafe.akka:akka-stream-kafka
(Maven)
Apr 27, 2023
Apache Santuario - XML Security for Java are vulnerable to private key disclosure
Moderate
CVE-2023-44483
was published
for
org.apache.santuario:xmlsec
(Maven)
Oct 20, 2023
Jenkins HashiCorp Vault Plugin has improper masking of credentials
Moderate
CVE-2023-33001
was published
for
com.datapipe.jenkins.plugins:hashicorp-vault-plugin
(Maven)
May 16, 2023
Jenkins Folders Plugin information disclosure vulnerability
Moderate
CVE-2023-40338
was published
for
org.jenkins-ci.plugins:cloudbees-folder
(Maven)
Aug 16, 2023
Jenkins Amazon EC2 Plugin leaked beginning of private key in system log
Moderate
CVE-2019-10364
was published
for
org.jenkins-ci.plugins:ec2
(Maven)
May 24, 2022
Apache NiFi Insertion of Sensitive Information into Log File
Moderate
CVE-2020-1928
was published
for
org.apache.nifi:nifi-parameter
(Maven)
Jan 6, 2022
Insertion of Sensitive Information into Log File in Apache NiFi Stateless
High
CVE-2020-9486
was published
for
org.apache.nifi:nifi-stateless
(Maven)
Jan 6, 2022
ProTip!
Advisories are also available from the
GraphQL API