GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
430 advisories
Filter by severity
Improper physical access control and use of hard-coded credentials in /etc/passwd permits an...
High
Unreviewed
CVE-2022-25213
was published
Mar 11, 2022
Hard coded credentials in FreeTAKServer
High
CVE-2022-25510
was published
for
FreeTAKServer
(pip)
Mar 12, 2022
RunAsSpc 4.0 uses a universal and recoverable encryption key. In possession of a file encrypted...
High
Unreviewed
CVE-2022-26660
was published
Mar 17, 2022
Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) uses hard-coded...
High
Unreviewed
CVE-2022-25246
was published
Mar 17, 2022
In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official...
High
Unreviewed
CVE-2021-46008
was published
Apr 1, 2022
A use of hard-coded cryptographic key vulnerability [CWE-321] in the registration mechanism of...
High
Unreviewed
CVE-2022-23440
was published
Apr 7, 2022
Taiwan Secom Dr.ID Access Control system’s login page has a hard-coded credential in the source...
High
Unreviewed
CVE-2022-26671
was published
Apr 8, 2022
A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance...
High
Unreviewed
CVE-2022-20773
was published
Apr 22, 2022
ASUS WebStorage has a hardcoded API Token in the APP source code. An unauthenticated remote...
High
Unreviewed
CVE-2022-26672
was published
Apr 23, 2022
A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA...
High
Unreviewed
CVE-2022-29856
was published
Apr 30, 2022
The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known...
High
Unreviewed
CVE-2000-1139
was published
Apr 30, 2022
Arkeia Network Backup Client 5.x contains hard-coded credentials that effectively serve as a back...
High
Unreviewed
CVE-2005-0496
was published
May 1, 2022
admin.php in SmartSiteCMS 1.0 allows remote attackers to bypass authentication and gain...
High
Unreviewed
CVE-2006-7074
was published
May 1, 2022
The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with...
High
Unreviewed
CVE-2007-1063
was published
May 1, 2022
EMV DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to...
High
Unreviewed
CVE-2008-0961
was published
May 1, 2022
ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not...
High
Unreviewed
CVE-2008-1160
was published
May 1, 2022
Use of static encryption key material allows forging an authentication token to other users...
High
Unreviewed
CVE-2022-23724
was published
May 5, 2022
A hard-coded password vulnerability exists in the console infactory functionality of InHand...
High
Unreviewed
CVE-2022-27172
was published
May 13, 2022
Dell EMC Networking OS10 versions prior to 10.4.3 contain a cryptographic key vulnerability due...
High
Unreviewed
CVE-2019-3710
was published
May 13, 2022
An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. The tools/ping...
High
Unreviewed
CVE-2019-3497
was published
May 13, 2022
An issue was discovered on Wifi-soft UniBox controller 3.x devices. The tools/controller...
High
Unreviewed
CVE-2019-3496
was published
May 13, 2022
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough...
High
Unreviewed
CVE-2017-14115
was published
May 13, 2022
A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When...
High
Unreviewed
CVE-2018-10898
was published
May 13, 2022
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses...
High
Unreviewed
CVE-2019-7161
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API