GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,167 advisories
BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat...
High | Unreviewed | CVE-2022-22765 was published Feb 15, 2022

Dairy Farm Shop Management System v1.0 was discovered to contain hardcoded credentials in the...
Critical | Unreviewed | CVE-2020-36062 was published Feb 12, 2022

Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be...
Moderate | Unreviewed | CVE-2022-22766 was published Feb 12, 2022

Incorrect handling of credential expiry by /nats-io/nats-server
Critical | CVE-2020-26892 was published for github.com/nats-io/jwt (Go) Feb 11, 2022

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could result in information...
High | Unreviewed | CVE-2022-22722 was published Feb 11, 2022

A CWE-798: Use of Hard-coded Credentials vulnerability exists. If an attacker were to obtain the...
Critical | Unreviewed | CVE-2022-22813 was published Feb 11, 2022

The affected product has a hardcoded private key available inside the project folder, which may...
Critical | Unreviewed | CVE-2022-22987 was published Feb 10, 2022

A vulnerability has been identified in SICAM TOOLBOX II (All versions). Affected applications use...
Moderate | Unreviewed | CVE-2021-45106 was published Feb 10, 2022

A Use of Hardcoded Credentials vulnerability exists in AquaView versions 1.60, 7.x, and 8.x that...
High | Unreviewed | CVE-2021-42833 was published Feb 8, 2022

Online Course Registration v1.0 was discovered to contain hardcoded credentials in the source...
Critical | Unreviewed | CVE-2020-36064 was published Feb 1, 2022

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcoded APP_KEY value, leading to...
High | Unreviewed | CVE-2021-42635 was published Feb 1, 2022

An information disclosure vulnerability exists due to the hardcoded TLS key of reolink RLC-410W...
Moderate | Unreviewed | CVE-2022-21199 was published Jan 29, 2022

MCMS v5.2.4 was discovered to have a hardcoded shiro-key, allowing attackers to exploit the key...
Critical | Unreviewed | CVE-2022-22928 was published Jan 22, 2022

Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can be accessed without any...
Critical | Unreviewed | CVE-2021-23233 was published Jan 22, 2022

Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 contains service credentials likely...
High | Unreviewed | CVE-2021-44464 was published Jan 22, 2022

Communication to the AMC2 uses a state-of-the-art cryptographic algorithm for symmetric...
High | Unreviewed | CVE-2021-23842 was published Jan 20, 2022

Jimoty App for Android versions prior to 3.7.42 uses a hard-coded API key for an external service...
Low | Unreviewed | CVE-2022-0131 was published Jan 18, 2022

The Le-yan dental management system contains a hard-coded credentials vulnerability in the web...
Critical | Unreviewed | CVE-2022-22056 was published Jan 15, 2022

Lack of administrator control over security vulnerability in MELSEC-F series FX3U-ENET Firmware...
High | Unreviewed | CVE-2021-20612 was published Jan 15, 2022

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions <...
High | Unreviewed | CVE-2021-45033 was published Jan 12, 2022

The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL -...
High | Unreviewed | CVE-2021-43052 was published Jan 12, 2022

QXIP SIPCAPTURE homer-app before 1.4.28 for HOMER 7.x has the same 167f0db2-f83e-4baa-9736...
Critical | Unreviewed | CVE-2022-22845 was published Jan 11, 2022

Use of Hard-coded Credentials in Apache Kylin
High | CVE-2021-45458 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022

ENC DataVault 7.1.1W uses an inappropriate encryption algorithm, such that an attacker (who does...
Critical | Unreviewed | CVE-2021-36751 was published Jan 3, 2022

Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 use default hard-coded...
High | Unreviewed | CVE-2021-20132 was published Dec 31, 2021