Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

171 advisories

Loading
The FACSChorus software contains sensitive information stored in plaintext. A threat actor could... Moderate Unreviewed
CVE-2023-29064 was published Nov 28, 2023
Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for... Moderate Unreviewed
CVE-2023-43583 was published Dec 14, 2023
SmartStar Software CWS is a web-base integration platform, it has a vulnerability of using a hard... Moderate Unreviewed
CVE-2023-48374 was published Dec 15, 2023
IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or... Moderate Unreviewed
CVE-2023-47704 was published Dec 20, 2023
In Pexip VMR self-service portal before 3, the same SSH host key is used across different... Moderate Unreviewed
CVE-2023-40236 was published Dec 25, 2023
VR-S1000 firmware Ver. 2.37 and earlier uses a hard-coded cryptographic key which may allow an... Moderate Unreviewed
CVE-2023-46711 was published Dec 26, 2023
Phlox com.phlox.simpleserver (aka Simple HTTP Server) 1.8 and com.phlox.simpleserver.plus (aka... Moderate Unreviewed
CVE-2023-46919 was published Dec 27, 2023
Phlox com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus has an Android... Moderate Unreviewed
CVE-2023-46918 was published Dec 28, 2023
An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses... Moderate Unreviewed
CVE-2023-49228 was published Dec 28, 2023
IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or... Moderate Unreviewed
CVE-2023-50948 was published Jan 8, 2024
Apprite CLI makes Use of Hard-coded Credentials Moderate
CVE-2023-50974 was published for appwrite (npm) Jan 9, 2024
Flient Smart Door Lock v1.0 is vulnerable to Use of Default Credentials. Due to default... Moderate Unreviewed
CVE-2023-50124 was published Jan 11, 2024
The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded... Moderate Unreviewed
CVE-2023-28897 was published Jan 12, 2024
Hard-coded credentials in org.folio:mod-remote-storage Moderate
CVE-2024-23685 was published for org.folio:mod-remote-storage (Maven) Jan 19, 2024
Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded credentials, which may allow a... Moderate Unreviewed
CVE-2024-23453 was published Jan 24, 2024
Use of encryption key derived from static information in Synaptics Fingerprint Driver allows an... Moderate Unreviewed
CVE-2023-6482 was published Jan 27, 2024
IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password... Moderate Unreviewed
CVE-2024-22313 was published Feb 10, 2024
Encrypted database credentials in LaborOfficeFree affecting version 19.10. This vulnerability... Moderate Unreviewed
CVE-2024-1344 was published Feb 19, 2024
Hard-coded Credentials in CoolKit eWeLlink app are before 5.4.x on Android and IOS allows local... Moderate Unreviewed
CVE-2024-3130 was published Apr 1, 2024
An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to overwrite... Moderate Unreviewed
CVE-2024-22813 was published Apr 22, 2024
NETGEAR RAX30 Use of Hard-coded Credentials Authentication Bypass Vulnerability. This... Moderate Unreviewed
CVE-2023-34284 was published May 3, 2024
Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Credentials Authentication Bypass... Moderate Unreviewed
CVE-2023-39458 was published May 3, 2024
D-Link DCS-8300LHV2 ONVIF Hardcoded PIN Authentication Bypass Vulnerability. This vulnerability... Moderate Unreviewed
CVE-2023-51629 was published May 3, 2024
Apache Submarine Commons Utils has a hard-coded secret Moderate
CVE-2024-36264 was published for apache-submarine (Maven) Jun 12, 2024
All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An... Moderate Unreviewed
CVE-2024-27159 was published Jun 14, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database