Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,670
Maven
5,000+
npm
4,296
NuGet
760
pip
4,075
Pub
12
RubyGems
957
Rust
1,058
Swift
45
Unreviewed advisories
All unreviewed
5,000+

192 advisories

Loading
Plaintext password storage in Kotaemon 0.11.0 in the client's localStorage. High Unreviewed
CVE-2025-56527 was published Nov 18, 2025
A vulnerability exists in QuickCMS version 6.8 where sensitive admin credentials are hardcoded in... Moderate Unreviewed
CVE-2025-9982 was published Nov 14, 2025
Jenkins Xooa Plugin vulnerability does not mask its Xooa Deployment Token Moderate
CVE-2025-53677 was published for io.jenkins.plugins:xooa (Maven) Jul 9, 2025
Jenkins Warrior Framework Plugin vulnerability exposes unencrypted passwords to certain authenticated users Moderate
CVE-2025-53675 was published for org.jenkins-ci.plugins:warrior (Maven) Jul 9, 2025
Jenkins Sensedia API Platform Plugin vulnerability exposes unencrypted tokens Moderate
CVE-2025-53674 was published for org.jenkins-ci.plugins:sensedia-api-platform (Maven) Jul 9, 2025
Jenkins VAddy Plugin vulnerability exposes plaintext keys on its job configuration form Moderate
CVE-2025-53669 was published for org.jenkins-ci.plugins:vaddy-plugin (Maven) Jul 9, 2025
Jenkins Nouvola DiveCloud Plugin vulnerability does not mask keys on its job configuration form Moderate
CVE-2025-53671 was published for org.jenkins-ci.plugins:nouvola-divecloud (Maven) Jul 9, 2025
Jenkins IFTTT Build Notifier Plugin vulnerability exposes IFTTT Maker Channel Keys Moderate
CVE-2025-53662 was published for org.jenkins-ci.plugins:ifttt-build-notifier (Maven) Jul 9, 2025
Jenkins Apica Loadtest Plugin vulnerability exposes authentication tokens Moderate
CVE-2025-53664 was published for com.apica:ApicaLoadtest (Maven) Jul 9, 2025
Jenkins QMetry Test Management Plugin vulnerability exposes API keys Moderate
CVE-2025-53660 was published for org.jenkins-ci.plugins:qmetry-test-management (Maven) Jul 9, 2025
Jenkins Apica Loadtest Plugin vulnerability exposes authentication tokens Moderate
CVE-2025-53665 was published for com.apica:ApicaLoadtest (Maven) Jul 9, 2025
Jenkins ReadyAPI Functional Testing Plugin vulnerability stores unencrypted authentication credentials Moderate
CVE-2025-53656 was published for org.jenkins-ci.plugins:soapui-pro-functional-testing (Maven) Jul 9, 2025
Jenkins Statistics Gatherer Plugin does not mask AWS Secret Key Moderate
CVE-2025-53655 was published for org.jenkins.plugins.statistics.gatherer:statistics-gatherer (Maven) Jul 9, 2025
Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user may... Moderate Unreviewed
CVE-2025-46366 was published Nov 5, 2025
User passwords are decrypted and stored on memory before any user logged in. Those decrypted... Moderate Unreviewed
CVE-2024-29978 was published Nov 26, 2024
A potential vulnerability was reported in some Lenovo Tablets that could allow a local... Moderate Unreviewed
CVE-2025-11193 was published Nov 4, 2025
When exporting media types, the password is exported in the YAML in plain text. This appears to... Low Unreviewed
CVE-2024-36464 was published Nov 27, 2024
The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords... High Unreviewed
CVE-2024-36460 was published Aug 12, 2024
IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive... Moderate Unreviewed
CVE-2023-31002 was published Feb 7, 2024
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014... Critical Unreviewed
CVE-2025-27656 was published Mar 5, 2025
IBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6... Moderate Unreviewed
CVE-2025-36002 was published Oct 16, 2025
In version 0.0.14 of transformeroptimus/superagi, the API endpoint `/api/users/get/{id}` returns... Moderate Unreviewed
CVE-2024-9418 was published Mar 20, 2025
Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments)... Critical Unreviewed
CVE-2025-34210 was published Oct 2, 2025
WF2220 exposes endpoint /cgi-bin-igd/netcore_get.cgi that returns configuration of the device to... High Unreviewed
CVE-2025-3758 was published May 8, 2025
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Plaintext... Moderate Unreviewed
CVE-2025-43938 was published Sep 10, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database