Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,844
Maven
5,000+
npm
4,470
NuGet
779
pip
4,231
Pub
12
RubyGems
974
Rust
1,093
Swift
48
Unreviewed advisories
All unreviewed
5,000+

231 advisories

Loading
Jenkins Curseforge Publisher Plugin does not mask API Keys displayed on the job configuration form Moderate
CVE-2025-64147 was published for org.jenkins-ci.plugins:curseforge-publisher (Maven) Oct 29, 2025
Jenkins Curseforge Publisher Plugin stores API Keys unencrypted in job config.xml files Moderate
CVE-2025-64146 was published for org.jenkins-ci.plugins:curseforge-publisher (Maven) Oct 29, 2025
Jenkins ByteGuard Build Actions Plugin does not mask API tokens displayed on the job configuration form Moderate
CVE-2025-64145 was published for io.jenkins.plugins:byteguard-build-actions (Maven) Oct 29, 2025
Jenkins ByteGuard Build Actions Plugin stores API tokens unencrypted in job config.xml files Moderate
CVE-2025-64144 was published for io.jenkins.plugins:byteguard-build-actions (Maven) Oct 29, 2025
Jenkins OpenShift Pipeline Plugin stores authorization tokens unencrypted in job config.xml files Moderate
CVE-2025-64143 was published for com.openshift.jenkins:openshift-pipeline (Maven) Oct 29, 2025
Jenkins User1st uTester Plugin vulnerability exposes unencrypted token to authenticated users Low
CVE-2025-53678 was published for io.jenkins.plugins:user1st-utester (Maven) Jul 9, 2025
Jenkins Xooa Plugin vulnerability exposes unencrypted tokens to authenticated users Moderate
CVE-2025-53676 was published for io.jenkins.plugins:xooa (Maven) Jul 9, 2025
Jenkins Sensedia API Platform Plugin vulnerability exposes unencrypted tokens in its global configuration file Moderate
CVE-2025-53673 was published for org.jenkins-ci.plugins:sensedia-api-platform (Maven) Jul 9, 2025
Jenkins VAddy Plugin vulnerability exposes unencrypted keys to certain authenticated users Moderate
CVE-2025-53668 was published for org.jenkins-ci.plugins:vaddy-plugin (Maven) Jul 9, 2025
Jenkins IBM Cloud DevOps Plugin vulnerability exposes SonarQube authentication tokens Moderate
CVE-2025-53663 was published for com.ibm.devops:ibm-cloud-devops (Maven) Jul 9, 2025
Jenkins Dead Man's Snitch Plugin vulnerability stores tokens in plain text Moderate
CVE-2025-53666 was published for org.jenkins-ci.plugins:deadmanssnitch (Maven) Jul 9, 2025
Jenkins QMetry Test Management Plugin stores unencrypted API keys Moderate
CVE-2025-53659 was published for org.jenkins-ci.plugins:qmetry-test-management (Maven) Jul 9, 2025
Jenkins Aqua Security Scanner Plugin vulnerability exposes scanner tokens Moderate
CVE-2025-53653 was published for org.jenkins-ci.plugins:aqua-security-scanner (Maven) Jul 9, 2025
DragonFly's tiny file download uses hard coded HTTP protocol Moderate
CVE-2025-59410 was published for d7y.io/dragonfly/v2 (Go) Sep 17, 2025
gaius-qi
Credited to gaius-qi
chromedriver Downloads Resources over HTTP High
CVE-2016-10579 was published for chromedriver (npm) Feb 18, 2019
Elasticsearch stores private key on disk unencrypted Moderate
CVE-2024-23444 was published for org.elasticsearch:elasticsearch (Maven) Jul 31, 2024
Jenkins AsakusaSatellite Plugin Does not Mask API Keys via Job Configuration Form Moderate
CVE-2025-31728 was published for org.codefirst.jenkins.asakusasatellite:asakusa-satellite-plugin (Maven) Apr 2, 2025
OpenDaylight SFC Insecure Shiro Cookie Configuration High
CVE-2025-29314 was published for org.opendaylight.sfc:odl-sfc-openflow-renderer (Maven) Mar 24, 2025
Unencrypted transmission in Temporal api-go library Low
CVE-2025-1243 was published for go.temporal.io/api (Go) Feb 12, 2025
Jenkins Ansible Plugin stores and displays secrets in plain text Moderate
CVE-2023-32982 was published for org.jenkins-ci.plugins:ansible (Maven) May 16, 2023
Gradio uses insecure communication between the FRP client and server High
CVE-2024-47871 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Credited to ahpaleus and Vasco-jofra
1Panel set-cookie is missing the Secure keyword Low
CVE-2024-24768 was published for github.com/1Panel-dev/1Panel (Go) Feb 5, 2024
anonymous-nlp-student
Credited to anonymous-nlp-student
ipip downloads Resources over HTTP Moderate
CVE-2016-10594 was published for ipip (npm) Feb 18, 2019
vulnerability-analyst
Credited to vulnerability-analyst
Unencrypted traffic between nodes when using WireGuard and L7 policies Moderate
CVE-2024-28250 was published for github.com/cilium/cilium (Go) Mar 18, 2024
giorio94 brb
jschwinger233
Credited to giorio94, brb, and jschwinger233
Unencrypted traffic between nodes when using IPsec and L7 policies Moderate
CVE-2024-28249 was published for github.com/cilium/cilium (Go) Mar 18, 2024
giorio94 jschwinger233
julianwiedmann
Credited to giorio94, jschwinger233, and julianwiedmann
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database