GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,169 advisories
Filter by severity
ASUS WebStorage has a hardcoded API Token in the APP source code. An unauthenticated remote...
High
Unreviewed
CVE-2022-26672
was published
Apr 23, 2022
In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender...
Critical
Unreviewed
CVE-2021-34601
was published
Apr 28, 2022
A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA...
High
Unreviewed
CVE-2022-29856
was published
Apr 30, 2022
The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known...
High
Unreviewed
CVE-2000-1139
was published
Apr 30, 2022
Arkeia Network Backup Client 5.x contains hard-coded credentials that effectively serve as a back...
High
Unreviewed
CVE-2005-0496
was published
May 1, 2022
The SNMP daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2...
Moderate
Unreviewed
CVE-2005-3716
was published
May 1, 2022
Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ("fixed") public and private SNMP...
Moderate
Unreviewed
CVE-2005-3803
was published
May 1, 2022
admin.php in SmartSiteCMS 1.0 allows remote attackers to bypass authentication and gain...
High
Unreviewed
CVE-2006-7074
was published
May 1, 2022
The centralized management feature for Utimaco Safeguard stores hard-coded cryptographic keys in...
Moderate
Unreviewed
CVE-2006-7142
was published
May 1, 2022
The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with...
High
Unreviewed
CVE-2007-1063
was published
May 1, 2022
EMV DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to...
High
Unreviewed
CVE-2008-0961
was published
May 1, 2022
ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not...
High
Unreviewed
CVE-2008-1160
was published
May 1, 2022
manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key,...
Moderate
Unreviewed
CVE-2008-2369
was published
May 1, 2022
An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. There is a default password of...
Critical
Unreviewed
CVE-2009-5154
was published
May 2, 2022
Use of static encryption key material allows forging an authentication token to other users...
High
Unreviewed
CVE-2022-23724
was published
May 5, 2022
An Authentication vulnerability exists in D-LINK WCS-1100 1.02, TESCO DCS-2121 1.05_TESCO, TESCO...
Moderate
Unreviewed
CVE-2013-1603
was published
May 5, 2022
** UNSUPPORTED WHEN ASSIGNED ** QNAP F_VioCard 2312 and F_VioGate 2308 have hardcoded entries in...
Critical
Unreviewed
CVE-2013-6276
was published
May 5, 2022
IBM Spectrum Virtualize 8.2, 8.3, and 8.4 could allow an attacker to allow unauthorized access...
Critical
Unreviewed
CVE-2021-38969
was published
May 12, 2022
An information disclosure vulnerability exists in the router configuration export functionality...
Moderate
Unreviewed
CVE-2022-26020
was published
May 13, 2022
A hard-coded password vulnerability exists in the console infactory functionality of InHand...
High
Unreviewed
CVE-2022-27172
was published
May 13, 2022
Hard-coded FTP credentials (r:r) are included in the Foscam C1 running firmware 1.9.1.12....
Critical
Unreviewed
CVE-2016-8731
was published
May 13, 2022
An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless...
Critical
Unreviewed
CVE-2016-8717
was published
May 13, 2022
An exploitable unsafe default configuration vulnerability exists in the TURN server function of...
Critical
Unreviewed
CVE-2018-4059
was published
May 13, 2022
Moxa EDR-G903 series routers with firmware before 2.11 have a hardcoded account, which allows...
Moderate
Unreviewed
CVE-2012-4712
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API