GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
76 advisories
Filter by severity
Cleartext Transmission of Sensitive Information in Apache nifi
High
CVE-2018-17195
was published
for
org.apache.nifi:nifi
(Maven)
Dec 20, 2018
High severity vulnerability that affects com.github.shyiko.ktlint:ktlint-core
High
CVE-2019-1010260
was published
for
com.github.shyiko.ktlint:ktlint-core
(Maven)
Apr 8, 2019
Cleartext Transmission of Sensitive Information, Inclusion of Functionality from Untrusted Control Sphere , and Download of Code Without Integrity Check in Eclipse hawkBit
High
CVE-2019-10240
was published
for
org.eclipse.hawkbit:hawkbit-autoconfigure
(Maven)
Apr 15, 2019
Django Incorrect HTTP detection with reverse-proxy connecting via HTTPS
Moderate
CVE-2019-12781
was published
for
Django
(pip)
Jul 3, 2019
Missing Encryption of Sensitive Data in yarn
High
CVE-2019-5448
was published
for
yarn
(npm)
Jul 31, 2019
Exposure of Sensitive Information to an Unauthorized Actor in Apache Kafka
High
CVE-2019-12399
was published
for
org.apache.kafka:kafka
(Maven)
May 12, 2020
Remote Code Execution and download tracking in Mintegral SDK
Moderate
CVE-2020-7744
was published
for
com.mintegral.msdk:alphab
(Maven)
Apr 22, 2021
Pgsync Contains Cleartext Transmission of Sensitive Information
High
CVE-2021-31671
was published
for
pgsync
(RubyGems)
Apr 27, 2021
Missing encryption in Apache Directory Studio
High
CVE-2021-33900
was published
for
org.apache.directory.studio:org.apache.directory.studio.parent
(Maven)
Aug 9, 2021
Source code is downloaded over cleartext HTTP in portaudio
Moderate
CVE-2016-10933
was published
for
portaudio
(Rust)
Aug 25, 2021
User passwords transmitted in plain text by Jenkins Active Directory Plugin
Moderate
CVE-2022-23105
was published
for
org.jenkins-ci.plugins:active-directory
(Maven)
Jan 13, 2022
"catalog's registry v2 api exposed on unauthenticated path in Harbor"
Moderate
CVE-2020-29662
was published
for
github.com/goharbor/harbor
(Go)
Feb 12, 2022
Jenkins Pipeline: Groovy Plugin has Insufficiently Protected Credentials
Moderate
CVE-2022-25180
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
Feb 16, 2022
Cleartext Transmission of Sensitive Information in Apache CXF
Moderate
CVE-2014-0035
was published
for
org.apache.cxf:cxf-core
(Maven)
May 13, 2022
Insecure transport protocol in Gradle
Moderate
CVE-2019-11065
was published
for
org.gradle:gradle-core
(Maven)
May 13, 2022
TYPO3 Information Disclosure Vulnerability
Moderate
CVE-2017-6370
was published
for
typo3/cms
(Composer)
May 13, 2022
Missing certificate validation in Apache JMeter
Critical
CVE-2018-1297
was published
for
org.apache.jmeter:ApacheJMeter
(Maven)
May 13, 2022
Setuptools vulnerable to Man-in-the-middle attacks
High
CVE-2013-1633
was published
for
setuptools
(pip)
May 17, 2022
Potentially compromised builds
High
CVE-2019-10249
was published
for
org.eclipse.xtend:org.eclipse.xtend.core
(Maven)
May 24, 2022
Cleartext Transmission of Sensitive Information in Jenkins Configuration as Code Plugin
Moderate
CVE-2019-10363
was published
for
io.jenkins:configuration-as-code
(Maven)
May 24, 2022
Insertion of Sensitive Information into Log File in Jenkins Mask Passwords Plugin
Moderate
CVE-2019-10370
was published
for
org.jenkins-ci.plugins:mask-passwords
(Maven)
May 24, 2022
Jenkins IBM AppScan Plugin showed plain text password in job configuration form fields
Moderate
CVE-2019-10391
was published
for
com.hcl.security:ibm-application-security
(Maven)
May 24, 2022
Jenkins Aqua Security Serverless Scanner Plugin showed plain text password in job configuration form fields
Low
CVE-2019-10397
was published
for
org.jenkins-ci.plugins:aqua-serverless
(Maven)
May 24, 2022
Jenkins Inedo BuildMaster Plugin showed plain text password in configuration form
Low
CVE-2019-10411
was published
for
com.inedo.proget:inedo-proget
(Maven)
May 24, 2022
Jenkins Inedo ProGet Plugin Plugin has Cleartext Transmission of Sensitive Information
Low
CVE-2019-10412
was published
for
com.inedo.proget:inedo-proget
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API