Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
86
GitHub Actions
54
Go
4,175
Maven
5,000+
npm
5,000+
NuGet
1,019
pip
5,000+
Pub
13
RubyGems
1,102
Rust
1,421
Swift
61
Unreviewed advisories
All unreviewed
5,000+

50 advisories

Loading
guzzlehttp/guzzle: Silent HTTPS-Proxy Downgrade to Cleartext Moderate
CVE-2026-55568 was published for guzzlehttp/guzzle (Composer) Jun 19, 2026
GrahamCampbell Credited to GrahamCampbell
Rancher's weave CNI password is not configured when a cluster is created from an RKE template Moderate
CVE-2022-21951 was published for github.com/rancher/rancher (Go) Mar 3, 2026
Jenkins Curseforge Publisher Plugin does not mask API Keys displayed on the job configuration form Moderate
CVE-2025-64147 was published for org.jenkins-ci.plugins:curseforge-publisher (Maven) Oct 29, 2025
Jenkins OpenShift Pipeline Plugin stores authorization tokens unencrypted in job config.xml files Moderate
CVE-2025-64143 was published for com.openshift.jenkins:openshift-pipeline (Maven) Oct 29, 2025
Jenkins ByteGuard Build Actions Plugin does not mask API tokens displayed on the job configuration form Moderate
CVE-2025-64145 was published for io.jenkins.plugins:byteguard-build-actions (Maven) Oct 29, 2025
Jenkins Curseforge Publisher Plugin stores API Keys unencrypted in job config.xml files Moderate
CVE-2025-64146 was published for org.jenkins-ci.plugins:curseforge-publisher (Maven) Oct 29, 2025
Jenkins ByteGuard Build Actions Plugin stores API tokens unencrypted in job config.xml files Moderate
CVE-2025-64144 was published for io.jenkins.plugins:byteguard-build-actions (Maven) Oct 29, 2025
DragonFly's tiny file download uses hard coded HTTP protocol Moderate
CVE-2025-59410 was published for d7y.io/dragonfly/v2 (Go) Sep 17, 2025
gaius-qi Credited to gaius-qi
Jenkins Xooa Plugin vulnerability exposes unencrypted tokens to authenticated users Moderate
CVE-2025-53676 was published for io.jenkins.plugins:xooa (Maven) Jul 9, 2025
Jenkins IBM Cloud DevOps Plugin vulnerability exposes SonarQube authentication tokens Moderate
CVE-2025-53663 was published for com.ibm.devops:ibm-cloud-devops (Maven) Jul 9, 2025
Jenkins VAddy Plugin vulnerability exposes unencrypted keys to certain authenticated users Moderate
CVE-2025-53668 was published for org.jenkins-ci.plugins:vaddy-plugin (Maven) Jul 9, 2025
Jenkins Sensedia API Platform Plugin vulnerability exposes unencrypted tokens in its global configuration file Moderate
CVE-2025-53673 was published for org.jenkins-ci.plugins:sensedia-api-platform (Maven) Jul 9, 2025
Jenkins QMetry Test Management Plugin stores unencrypted API keys Moderate
CVE-2025-53659 was published for org.jenkins-ci.plugins:qmetry-test-management (Maven) Jul 9, 2025
Jenkins Dead Man's Snitch Plugin vulnerability stores tokens in plain text Moderate
CVE-2025-53666 was published for org.jenkins-ci.plugins:deadmanssnitch (Maven) Jul 9, 2025
Jenkins Aqua Security Scanner Plugin vulnerability exposes scanner tokens Moderate
CVE-2025-53653 was published for org.jenkins-ci.plugins:aqua-security-scanner (Maven) Jul 9, 2025
Jenkins AsakusaSatellite Plugin Does not Mask API Keys via Job Configuration Form Moderate
CVE-2025-31728 was published for org.codefirst.jenkins.asakusasatellite:asakusa-satellite-plugin (Maven) Apr 2, 2025
Snowflake JDBC Security Advisory Moderate
CVE-2024-43382 was published for net.snowflake:snowflake-jdbc (Maven) Oct 30, 2024
Elasticsearch stores private key on disk unencrypted Moderate
CVE-2024-23444 was published for org.elasticsearch:elasticsearch (Maven) Jul 31, 2024
silverstripe/framework users inadvertently passing sensitive data to LoginAttempt Moderate
GHSA-ph62-fv59-vf9h was published for silverstripe/framework (Composer) May 27, 2024
Unencrypted traffic between nodes when using WireGuard and L7 policies Moderate
CVE-2024-28250 was published for github.com/cilium/cilium (Go) Mar 18, 2024
giorio94 Credited to giorio94, brb, and jschwinger233 brb brb
jschwinger233 jschwinger233
Unencrypted traffic between nodes when using IPsec and L7 policies Moderate
CVE-2024-28249 was published for github.com/cilium/cilium (Go) Mar 18, 2024
giorio94 Credited to giorio94, jschwinger233, and julianwiedmann jschwinger233 jschwinger233
julianwiedmann julianwiedmann
Unencrypted traffic between pods when using Wireguard and an external kvstore Moderate
CVE-2024-25631 was published for github.com/cilium/cilium (Go) Feb 20, 2024
gandro Credited to gandro and giorio94 giorio94 giorio94
Unencrypted ingress/health traffic when using Wireguard transparent encryption Moderate
CVE-2024-25630 was published for github.com/cilium/cilium (Go) Feb 20, 2024
gandro Credited to gandro and giorio94 giorio94 giorio94
Croc requires senders to provide local IP addresses in cleartext Moderate
CVE-2023-43618 was published for github.com/schollz/croc/v9 (Go) Sep 20, 2023
schollz Credited to schollz
Jenkins Active Directory Plugin vulnerable to Active Directory credential disclosure Moderate
CVE-2023-37943 was published for org.jenkins-ci.plugins:active-directory (Maven) Jul 12, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database