Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

430 advisories

Loading
TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a hardcoded password for root at... High Unreviewed
CVE-2022-36614 was published Aug 29, 2022
TOTOLINK A3000RU V4.1.2cu.5185_B20201128 was discovered to contain a hardcoded password for root... High Unreviewed
CVE-2022-36615 was published Aug 29, 2022
TOTOLINK A950RG V4.1.2cu.5204_B20210112 was discovered to contain a hardcoded password for root... High Unreviewed
CVE-2022-36612 was published Aug 29, 2022
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a hardcoded password for root at... High Unreviewed
CVE-2022-36613 was published Aug 29, 2022
BAB TECHNOLOGIE GmbH eibPort V3. Each device has its own unique hard coded and weak root SSH key... High Unreviewed
CVE-2021-28912 was published May 24, 2022
A vulnerability involving insecure storage of sensitive information has been reported to affect... High Unreviewed
CVE-2021-28813 was published May 24, 2022
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only... High Unreviewed
CVE-2021-41827 was published May 24, 2022
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials associated with... High Unreviewed
CVE-2021-41828 was published May 24, 2022
The affected product uses a hard-coded blowfish key for encryption/decryption processes. The key... High Unreviewed
CVE-2021-38461 was published May 24, 2022
A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA... High Unreviewed
CVE-2022-29856 was published Apr 30, 2022
Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak... High Unreviewed
CVE-2020-15382 was published May 24, 2022
The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known... High Unreviewed
CVE-2000-1139 was published Apr 30, 2022
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames,... High Unreviewed
CVE-2019-3938 was published May 24, 2022
admin.php in SmartSiteCMS 1.0 allows remote attackers to bypass authentication and gain... High Unreviewed
CVE-2006-7074 was published May 1, 2022
Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that... High Unreviewed
CVE-2022-31269 was published Aug 26, 2022
An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through... High Unreviewed
CVE-2022-46411 was published Dec 4, 2022
The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with... High Unreviewed
CVE-2007-1063 was published May 1, 2022
In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in configuration files leads to... High Unreviewed
CVE-2022-42176 was published Oct 20, 2022
MA Lighting grandMA2 Light has a password of root for the root account. NOTE: The vendor's... High Unreviewed
CVE-2022-30036 was published Aug 22, 2022
A hard-coded password vulnerability exists in the console infactory functionality of InHand... High Unreviewed
CVE-2022-27172 was published May 13, 2022
Dell EMC Networking OS10 versions prior to 10.4.3 contain a cryptographic key vulnerability due... High Unreviewed
CVE-2019-3710 was published May 13, 2022
An issue was discovered on Wifi-soft UniBox controller 3.x devices. The tools/controller... High Unreviewed
CVE-2019-3496 was published May 13, 2022
An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. The tools/ping... High Unreviewed
CVE-2019-3497 was published May 13, 2022
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough... High Unreviewed
CVE-2017-14115 was published May 13, 2022
A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When... High Unreviewed
CVE-2018-10898 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database