GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,120 advisories
Filter by severity
An information disclosure vulnerability exists in the router configuration export functionality...
Moderate
Unreviewed
CVE-2022-26020
was published
May 13, 2022
IBM Spectrum Virtualize 8.2, 8.3, and 8.4 could allow an attacker to allow unauthorized access...
Critical
Unreviewed
CVE-2021-38969
was published
May 12, 2022
** UNSUPPORTED WHEN ASSIGNED ** QNAP F_VioCard 2312 and F_VioGate 2308 have hardcoded entries in...
Critical
Unreviewed
CVE-2013-6276
was published
May 5, 2022
An Authentication vulnerability exists in D-LINK WCS-1100 1.02, TESCO DCS-2121 1.05_TESCO, TESCO...
Moderate
Unreviewed
CVE-2013-1603
was published
May 5, 2022
Use of static encryption key material allows forging an authentication token to other users...
High
Unreviewed
CVE-2022-23724
was published
May 5, 2022
An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. There is a default password of...
Critical
Unreviewed
CVE-2009-5154
was published
May 2, 2022
manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key,...
Moderate
Unreviewed
CVE-2008-2369
was published
May 1, 2022
ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not...
High
Unreviewed
CVE-2008-1160
was published
May 1, 2022
EMV DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to...
High
Unreviewed
CVE-2008-0961
was published
May 1, 2022
The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with...
High
Unreviewed
CVE-2007-1063
was published
May 1, 2022
The centralized management feature for Utimaco Safeguard stores hard-coded cryptographic keys in...
Moderate
Unreviewed
CVE-2006-7142
was published
May 1, 2022
admin.php in SmartSiteCMS 1.0 allows remote attackers to bypass authentication and gain...
High
Unreviewed
CVE-2006-7074
was published
May 1, 2022
Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ("fixed") public and private SNMP...
Moderate
Unreviewed
CVE-2005-3803
was published
May 1, 2022
The SNMP daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2...
Moderate
Unreviewed
CVE-2005-3716
was published
May 1, 2022
Arkeia Network Backup Client 5.x contains hard-coded credentials that effectively serve as a back...
High
Unreviewed
CVE-2005-0496
was published
May 1, 2022
The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known...
High
Unreviewed
CVE-2000-1139
was published
Apr 30, 2022
A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA...
High
Unreviewed
CVE-2022-29856
was published
Apr 30, 2022
In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender...
Critical
Unreviewed
CVE-2021-34601
was published
Apr 28, 2022
Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap...
High
Unreviewed
CVE-2022-23942
was published
Apr 27, 2022
ASUS WebStorage has a hardcoded API Token in the APP source code. An unauthenticated remote...
High
Unreviewed
CVE-2022-26672
was published
Apr 23, 2022
A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance...
High
Unreviewed
CVE-2022-20773
was published
Apr 22, 2022
An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView...
Critical
Unreviewed
CVE-2021-40390
was published
Apr 15, 2022
An authentication bypass vulnerability exists in the device password generation functionality of...
Critical
Unreviewed
CVE-2021-40422
was published
Apr 15, 2022
Hard-coded credentials in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the...
Low
Unreviewed
CVE-2020-25168
was published
Apr 15, 2022
Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI
Moderate
Unreviewed
CVE-2022-27506
was published
Apr 14, 2022
ProTip!
Advisories are also available from the
GraphQL API