Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

44 advisories

Loading
Python package "zhmcclient" stores passwords in clear text in its HMC and API logs Moderate
CVE-2024-53865 was published for zhmcclient (pip) Dec 2, 2024
andy-maier
OpenC3 stores passwords in clear text (`GHSL-2024-129`) Moderate
CVE-2024-47529 was published for @openc3/tool-common (RubyGems) Oct 2, 2024
p-
Mattermost doesn't redact remote users' original email addresses Moderate
CVE-2024-32939 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
Allegro AI ClearML Stores Credentials in Plaintext in MongoDB Instance Moderate
CVE-2024-24595 was published for clearml (pip) Feb 6, 2024
m3t3kh4n
Infinispan caches credentials in clear text Moderate
CVE-2023-5384 was published for org.infinispan:infinispan-cachestore-jdbc (Maven) Dec 28, 2023
Password stored in a recoverable format by Jenkins OpenId Connect Authentication Plugin Moderate
CVE-2023-50770 was published for org.jenkins-ci.plugins:oic-auth (Maven) Dec 13, 2023
westonsteimel
Tokens stored in plain text by Dingding JSON Pusher Plugin Moderate
CVE-2023-50772 was published for com.zintow:dingding-json-pusher (Maven) Dec 13, 2023
Displayed in plain text by Dingding JSON Pusher Plugin Moderate
CVE-2023-50773 was published for com.zintow:dingding-json-pusher (Maven) Dec 13, 2023
Tokens stored in plain text by PaaSLane Estimate Plugin Moderate
CVE-2023-50776 was published for com.cloudtp.jenkins:paaslane-estimate (Maven) Dec 13, 2023
Tokens stored in plain text by PaaSLane Estimate Plugin Moderate
CVE-2023-50777 was published for com.cloudtp.jenkins:paaslane-estimate (Maven) Dec 13, 2023
Cleartext Storage of Sensitive Information in HMAC SHA256 Authentication Moderate
CVE-2023-48707 was published for codeigniter4/shield (Composer) Nov 23, 2023
Jenkins Ansible Plugin job configuration form does not mask variables Moderate
CVE-2023-32983 was published for org.jenkins-ci.plugins:ansible (Maven) May 16, 2023
Lightbend Alpakka Kafka logs credentials on debug level Moderate
CVE-2023-29471 was published for com.typesafe.akka:akka-stream-kafka (Maven) Apr 27, 2023
Jenkins Consul KV Builder Plugin stores HashiCorp Consul ACL Token unencrypted Moderate
CVE-2023-30530 was published for org.jenkins-ci.plugins:consul-kv-builder (Maven) Apr 12, 2023
Jenkins Report Portal Plugin allows users with Item/Extended Read permission to view tokens on Jenkins controller Moderate
CVE-2023-30523 was published for org.jenkins-ci.plugins:reportportal (Maven) Apr 12, 2023
Jenkins Consul KV Builder Plugin stores HashiCorp Consul ACL Token unencrypted Moderate
CVE-2023-30531 was published for org.jenkins-ci.plugins:consul-kv-builder (Maven) Apr 12, 2023
Apache Linkis vulnerable to Exposure of Sensitive Information Moderate
CVE-2022-44644 was published for org.apache.linkis:linkis (Maven) Jan 31, 2023
Passwords stored in plain text by Jenkins view-cloner Plugin Moderate
CVE-2023-24450 was published for org.jenkins-ci.plugins:view-cloner (Maven) Jan 26, 2023
Plaintext storage of Access Token in Jenkins GitHub Pull Request Coverage Status Plugin Moderate
CVE-2023-24442 was published for org.jenkins-ci.plugins:github-pr-coverage-status (Maven) Jan 26, 2023
Plaintext Storage of a Password in Jenkins JIRA Pipeline Steps Plugin Moderate
CVE-2023-24439 was published for org.jenkins-ci.plugins:jira-steps (Maven) Jan 26, 2023
Plaintext Storage of a Password in Jenkins TestQuality Updater Plugin Moderate
CVE-2023-24454 was published for org.jenkins-ci.plugins:testquality-updater (Maven) Jan 26, 2023
Apache James MIME4J vulnerable to information disclosure to local users Moderate
CVE-2022-45787 was published for org.apache.james:apache-mime4j-storage (Maven) Jan 6, 2023
joshbressers
Plaintext storage of password after a reset in org.xwiki.platform:xwiki-platform-security-authentication-default Moderate
CVE-2022-41933 was published for org.xwiki.platform:xwiki-platform-security-authentication-default (Maven) Nov 21, 2022
Shopware contains sensitive data in backend customer module Moderate
CVE-2022-36101 was published for shopware/shopware (Composer) Sep 16, 2022
ProTip! Advisories are also available from the GraphQL API