GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
77 advisories
Filter by severity
django-nopassword stores secrets in cleartext
High
CVE-2019-10682
was published
for
django-nopassword
(pip)
Jun 5, 2020
Infinispan caches credentials in clear text
Low
CVE-2023-5384
was published
for
org.infinispan:infinispan-cachestore-jdbc
(Maven)
Dec 28, 2023
User passwords are stored in clear text in the Django session
Moderate
CVE-2020-15105
was published
for
django-two-factor-auth
(pip)
Jul 10, 2020
django-celery-results Stores Sensitive Information In Cleartext
High
CVE-2020-17495
was published
for
django-celery-results
(pip)
Jun 4, 2021
Tina search token leak via lock file in TinaCMS
High
CVE-2024-45391
was published
for
@tinacms/cli
(npm)
Sep 3, 2024
Apache Airflow logs passwords in plaintext
Low
CVE-2020-17511
was published
for
apache-airflow
(pip)
Dec 17, 2020
Mattermost doesn't redact remote users' original email addresses
Moderate
CVE-2024-32939
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 22, 2024
Grafana information disclosure
Moderate
CVE-2020-12458
was published
for
github.com/grafana/grafana
(Go)
May 24, 2022
Password exposure in H2 Database
High
CVE-2022-45868
was published
for
com.h2database:h2
(Maven)
Nov 23, 2022
Password confirmation stored in plain text via registration form in statamic/cms
Low
CVE-2024-36119
was published
for
statamic/cms
(Composer)
Jun 2, 2024
SaltStack Salt Cleartext Storage of Sensitive Information via cmdmod
Moderate
CVE-2021-25284
was published
for
salt
(pip)
May 24, 2022
Sentry vulnerable to leaking superuser cleartext password in logs
High
CVE-2024-32474
was published
for
sentry
(pip)
Apr 18, 2024
Allegro AI ClearML Stores Credentials in Plaintext in MongoDB Instance
Moderate
CVE-2024-24595
was published
for
clearml
(pip)
Feb 6, 2024
Cleartext storage of session identifier
High
CVE-2020-26228
was published
for
typo3/cms
(Composer)
Nov 23, 2020
Magento 2 Community Edition Weak Cryptography
Moderate
CVE-2019-8118
was published
for
magento/community-edition
(Composer)
May 24, 2022
Cleartext storage of session identifier
Moderate
CVE-2021-21339
was published
for
typo3/cms
(Composer)
Mar 23, 2021
Apache Airflow CNCF Kubernetes provider, Apache Airflow: Kubernetes configuration file saved without encryption in the Metadata and logged as plain text in the Triggerer service
Moderate
CVE-2023-51702
was published
for
apache-airflow
(pip)
Jan 24, 2024
Jenkins NeuVector Vulnerability Scanner Plugin stored credentials in plain text
Moderate
CVE-2019-10430
was published
for
io.jenkins.plugins:neuvector-vulnerability-scanner
(Maven)
May 24, 2022
Jenkins Ansible Plugin job configuration form does not mask variables
Moderate
CVE-2023-32983
was published
for
org.jenkins-ci.plugins:ansible
(Maven)
May 16, 2023
matrix-synapse vulnerable to temporary storage of plaintext passwords during password changes
Low
CVE-2023-41335
was published
for
matrix-synapse
(pip)
Sep 26, 2023
Jenkins Support Core Plugin stores sensitive data in plain text
Moderate
CVE-2022-25187
was published
for
org.jenkins-ci.plugins:support-core
(Maven)
Feb 16, 2022
Jenkins Fortify on Demand Plugin stores credentials in plain text
Moderate
CVE-2019-10449
was published
for
org.jenkins-ci.plugins:fortify-on-demand-uploader
(Maven)
May 24, 2022
Solr search discloses password hashes of all users
High
CVE-2023-50719
was published
for
org.xwiki.platform:xwiki-platform-search-solr-api
(Maven)
Dec 16, 2023
Tokens stored in plain text by PaaSLane Estimate Plugin
Moderate
CVE-2023-50777
was published
for
com.cloudtp.jenkins:paaslane-estimate
(Maven)
Dec 13, 2023
Tokens stored in plain text by PaaSLane Estimate Plugin
Moderate
CVE-2023-50776
was published
for
com.cloudtp.jenkins:paaslane-estimate
(Maven)
Dec 13, 2023
ProTip!
Advisories are also available from the
GraphQL API