GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
529 advisories
EXFO - BV-10 Performance Endpoint Unit Undocumented privileged user. Unit has an undocumented...
Critical | Unreviewed | CVE-2022-39185 was published Jan 12, 2023
The following Yokogawa Electric products hard-code the password for CAMS server applications:...
Critical | Unreviewed | CVE-2022-23402 was published Mar 12, 2022
The following Yokogawa Electric products do not change the passwords of the internal Windows...
Critical | Unreviewed | CVE-2022-21194 was published Mar 12, 2022
Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by hard coded credentials. A hardcoded...
Critical | Unreviewed | CVE-2021-45877 was published Mar 22, 2022
ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite...
Critical | Unreviewed | CVE-2022-25577 was published Mar 26, 2022
Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded...
Critical | Unreviewed | CVE-2022-24693 was published Mar 31, 2022
A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP...
Critical | Unreviewed | CVE-2022-1162 was published Apr 5, 2022
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21,...
Critical | Unreviewed | CVE-2021-30064 was published Apr 5, 2022
Bettini Srl GAMS Product Line v4.3.0 was discovered to re-use static SSH keys across...
Critical | Unreviewed | CVE-2022-25569 was published Apr 5, 2022
A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiEDR versions 5.0.2, 5.0.1,...
Critical | Unreviewed | CVE-2022-23441 was published Apr 7, 2022
An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView...
Critical | Unreviewed | CVE-2021-40390 was published Apr 15, 2022
An authentication bypass vulnerability exists in the device password generation functionality of...
Critical | Unreviewed | CVE-2021-40422 was published Apr 15, 2022
An exploitable unsafe default configuration vulnerability exists in the TURN server function of...
Critical | Unreviewed | CVE-2018-4059 was published May 13, 2022
A specific file on the sERP server of Kyungrinara (ERP solution) has a fixed password with the...
Critical | Unreviewed | CVE-2022-41157 was published Nov 25, 2022
Book Store Management System v1.0 was discovered to contain hardcoded credentials which allows...
Critical | Unreviewed | CVE-2022-44097 was published Nov 30, 2022
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 contains hard-coded credentials, such as a...
Critical | Unreviewed | CVE-2020-4854 was published May 24, 2022
Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the ...
Critical | Unreviewed | CVE-2019-5021 was published May 24, 2022
Sanitization Management System v1.0 was discovered to contain hardcoded credentials which allows...
Critical | Unreviewed | CVE-2022-44096 was published Nov 30, 2022
Undocumented Default Cryptographic Key Vulnerability in Cohesity DataPlatform version 6.3 prior 6...
Critical | Unreviewed | CVE-2021-28123 was published May 24, 2022
SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and...
Critical | Unreviewed | CVE-2020-13963 was published May 24, 2022
An attacker can gain full access (read/write/delete) to sensitive folders due to hard-coded...
Critical | Unreviewed | CVE-2021-33016 was published May 27, 2022
A vulnerability was found in Telecommunication Software SAMwin Contact Center Suite 5.1. It has...
Critical | Unreviewed | CVE-2013-10002 was published May 25, 2022
USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered to contain hard-coded...
Critical | Unreviewed | CVE-2022-29730 was published Jun 3, 2022
VMware Photon OS OVA 1.0 before 2016-08-14 has a default SSH public key in an authorized_keys...
Critical | Unreviewed | CVE-2016-5333 was published May 17, 2022
MEDHOST Connex contains a hard-coded Mirth Connect admin credential that is used for customer...
Critical | Unreviewed | CVE-2017-11743 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API.