Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

548 advisories

Loading
IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or... Critical Unreviewed
CVE-2023-33836 was published Oct 16, 2023
All versions of the qBittorrent client through 4.5.5 use default credentials when the web user... Critical Unreviewed
CVE-2023-30801 was published Oct 10, 2023
Qognify NiceVision versions 3.1 and prior are vulnerable to exposing sensitive information... Critical Unreviewed
CVE-2023-2306 was published Oct 5, 2023
A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to... Critical Unreviewed
CVE-2023-20101 was published Oct 4, 2023
Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 version, the exploitation... Critical Unreviewed
CVE-2023-2809 was published Oct 4, 2023
Use of a static key to protect a JWT token used in user authentication can allow an for an... Critical Unreviewed
CVE-2023-5074 was published Sep 20, 2023
** UNSUPPPORTED WHEN ASSIGNED ** Devices ekorCCP and ekorRCI are vulnerable due to access to the... Critical Unreviewed
CVE-2022-47558 was published Sep 19, 2023
An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote attacker to execute arbitrary... Critical Unreviewed
CVE-2023-42336 was published Sep 16, 2023
i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default... Critical Unreviewed
CVE-2023-37755 was published Sep 14, 2023
The /irmdata/api/ endpoints exposed by the IRM Next Generation booking engine authenticates... Critical Unreviewed
CVE-2023-39422 was published Sep 7, 2023
A hard coded password in Super Store Finder v3.6 allows attackers to access the administration... Critical Unreviewed
CVE-2023-41508 was published Sep 5, 2023
Motorola MBTS Site Controller accepts hard-coded backdoor password. The Motorola MBTS Site... Critical Unreviewed
CVE-2023-23770 was published Aug 29, 2023
SpotCam Co., Ltd. SpotCam FHD 2 has a vulnerability of using hard-coded uBoot credentials. An... Critical Unreviewed
CVE-2023-38026 was published Aug 28, 2023
SpotCam Co., Ltd. SpotCam FHD 2’s hidden Telnet function has a vulnerability of using hard-coded... Critical Unreviewed
CVE-2023-38024 was published Aug 28, 2023
N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a hardcoded root password which... Critical Unreviewed
CVE-2023-39808 was published Aug 21, 2023
NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected by a hardcoded credential... Critical Unreviewed
CVE-2023-4204 was published Aug 16, 2023
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to... Critical Unreviewed
CVE-2023-3264 was published Aug 14, 2023
Connected IO v2.1.0 and prior uses a hard-coded username/password pair embedded in their device's... Critical Unreviewed
CVE-2023-33372 was published Aug 4, 2023
Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and... Critical Unreviewed
CVE-2023-33371 was published Aug 3, 2023
JBL soundbar multibeam 5.1 - CWE-798: Use of Hard-coded Credentials Critical Unreviewed
CVE-2023-37215 was published Jul 30, 2023
Synel SYnergy Fingerprint Terminals - CWE-798: Use of Hard-coded Credentials Critical Unreviewed
CVE-2023-32227 was published Jul 30, 2023
TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Use of a Hard-coded Password (PIN):... Critical Unreviewed
CVE-2023-33744 was published Jul 27, 2023
Galaxy Software Services Vitals ESP is vulnerable to using a hard-coded encryption key. An... Critical Unreviewed
CVE-2023-37291 was published Jul 21, 2023
SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated... Critical Unreviewed
CVE-2023-37287 was published Jul 10, 2023
SmartSoft SmartBPM.NET has a vulnerability of using hard-coded machine key. An unauthenticated... Critical Unreviewed
CVE-2023-37286 was published Jul 10, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database