Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

414 advisories

Loading
admin.php in SmartSiteCMS 1.0 allows remote attackers to bypass authentication and gain... High Unreviewed
CVE-2006-7074 was published May 1, 2022
Arkeia Network Backup Client 5.x contains hard-coded credentials that effectively serve as a back... High Unreviewed
CVE-2005-0496 was published May 1, 2022
The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known... High Unreviewed
CVE-2000-1139 was published Apr 30, 2022
A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA... High Unreviewed
CVE-2022-29856 was published Apr 30, 2022
Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap... High Unreviewed
CVE-2022-23942 was published Apr 27, 2022
ASUS WebStorage has a hardcoded API Token in the APP source code. An unauthenticated remote... High Unreviewed
CVE-2022-26672 was published Apr 23, 2022
A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance... High Unreviewed
CVE-2022-20773 was published Apr 22, 2022
Taiwan Secom Dr.ID Access Control system’s login page has a hard-coded credential in the source... High Unreviewed
CVE-2022-26671 was published Apr 8, 2022
A use of hard-coded cryptographic key vulnerability [CWE-321] in the registration mechanism of... High Unreviewed
CVE-2022-23440 was published Apr 7, 2022
In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official... High Unreviewed
CVE-2021-46008 was published Apr 1, 2022
Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) uses hard-coded... High Unreviewed
CVE-2022-25246 was published Mar 17, 2022
RunAsSpc 4.0 uses a universal and recoverable encryption key. In possession of a file encrypted... High Unreviewed
CVE-2022-26660 was published Mar 17, 2022
Hard coded credentials in FreeTAKServer High
CVE-2022-25510 was published for FreeTAKServer (pip) Mar 12, 2022
Improper physical access control and use of hard-coded credentials in /etc/passwd permits an... High Unreviewed
CVE-2022-25213 was published Mar 11, 2022
Use of a hard-coded cryptographic key pair by the telnetd_startup service allows an attacker on... High Unreviewed
CVE-2022-25217 was published Mar 11, 2022
Extensis Portfolio v4.0 was discovered to contain hardcoded credentials which allows attackers to... High Unreviewed
CVE-2022-24255 was published Mar 3, 2022
Use of Hard-coded Cryptographic Key in Netmaker High
CVE-2022-23650 was published for github.com/gravitl/netmaker (Go) Feb 22, 2022
JamieSlome MrSuicideParrot
The use of a hard-coded cryptographic key significantly increases the possibility encrypted data... High Unreviewed
CVE-2021-46247 was published Feb 18, 2022
BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat... High Unreviewed
CVE-2022-22765 was published Feb 15, 2022
A CWE-798: Use of Hard-coded Credentials vulnerability exists that could result in information... High Unreviewed
CVE-2022-22722 was published Feb 11, 2022
A Use of Hardcoded Credentials vulnerability exists in AquaView versions 1.60, 7.x, and 8.x that... High Unreviewed
CVE-2021-42833 was published Feb 8, 2022
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcoded APP_KEY value, leading to... High Unreviewed
CVE-2021-42635 was published Feb 1, 2022
Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 contains service credentials likely... High Unreviewed
CVE-2021-44464 was published Jan 22, 2022
Communication to the AMC2 uses a state-of-the-art cryptographic algorithm for symmetric... High Unreviewed
CVE-2021-23842 was published Jan 20, 2022
Lack of administrator control over security vulnerability in MELSEC-F series FX3U-ENET Firmware... High Unreviewed
CVE-2021-20612 was published Jan 15, 2022
ProTip! Advisories are also available from the GraphQL API