GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,120 advisories
Filter by severity
In KDE libksieve before 23.03.80, kmanagesieve/session.cpp places a cleartext password in server...
High
Unreviewed
CVE-2023-52723
was published
Apr 29, 2024
An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to overwrite...
Moderate
Unreviewed
CVE-2024-22813
was published
Apr 22, 2024
Brocade SANnav OVA before v2.3.1 and v2.3.0a contain hard-coded credentials in the documentation...
High
Unreviewed
CVE-2024-29966
was published
Apr 19, 2024
In the Brocade SANnav server versions before v2.3.1 and v2.3.0a, the SSH keys inside the OVA...
High
Unreviewed
CVE-2024-29960
was published
Apr 19, 2024
Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded keys used by Docker to reach...
High
Unreviewed
CVE-2024-29963
was published
Apr 19, 2024
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which...
High
Unreviewed
CVE-2024-31873
was published
Apr 10, 2024
Azure AI Search Information Disclosure Vulnerability
High
Unreviewed
CVE-2024-29063
was published
Apr 9, 2024
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been...
Critical
Unreviewed
CVE-2024-3272
was published
Apr 4, 2024
Hard-coded Credentials in CoolKit eWeLlink app are before 5.4.x on Android and IOS allows local...
Moderate
Unreviewed
CVE-2024-3130
was published
Apr 1, 2024
Use of Hard-coded Credentials in Kiloview NDI allows un-authenticated users to bypass...
Critical
Unreviewed
CVE-2024-2161
was published
Mar 21, 2024
Chirp Access improperly stores credentials within its source code, potentially exposing...
Critical
Unreviewed
CVE-2024-2197
was published
Mar 20, 2024
A CWE-798 “Use of Hard-coded Credentials” vulnerability in the MariaDB database of the web...
High
Unreviewed
CVE-2023-5456
was published
Mar 5, 2024
A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719....
Low
Unreviewed
CVE-2024-1661
was published
Feb 20, 2024
Encrypted database credentials in LaborOfficeFree affecting version 19.10. This vulnerability...
Moderate
Unreviewed
CVE-2024-1344
was published
Feb 19, 2024
Use of Hard-coded Credentials vulnerability in Utarit Information Technologies SoliPay Mobile App...
High
Unreviewed
CVE-2023-6255
was published
Feb 15, 2024
INPRAX "iZZi connect" application on Android contains hard-coded MQTT queue credentials. The same...
Unknown
Unreviewed
CVE-2024-0390
was published
Feb 15, 2024
Use of a hard-coded password for a special database account created during Comarch ERP XL...
High
Unreviewed
CVE-2023-4539
was published
Feb 15, 2024
CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized
access...
High
Unreviewed
CVE-2023-6409
was published
Feb 14, 2024
A vulnerability has been identified in Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0)...
Critical
Unreviewed
CVE-2024-23816
was published
Feb 13, 2024
IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password...
Moderate
Unreviewed
CVE-2024-22313
was published
Feb 10, 2024
An issue in SCHUHFRIED v.8.22.00 allows remote attacker to obtain the database password via...
Critical
Unreviewed
CVE-2023-38995
was published
Feb 7, 2024
D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account...
Critical
Unreviewed
CVE-2024-22853
was published
Feb 6, 2024
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the product uses hard-coded...
Critical
Unreviewed
CVE-2024-21764
was published
Feb 2, 2024
Multiple MachineSense devices have credentials unable to be changed by the user or...
Critical
Unreviewed
CVE-2023-46706
was published
Feb 2, 2024
TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root...
Critical
Unreviewed
CVE-2024-24324
was published
Jan 30, 2024
ProTip!
Advisories are also available from the
GraphQL API