GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
414 advisories
Filter by severity
Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: ...
High
Unreviewed
CVE-2022-37710
was published
Nov 7, 2022
BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited...
High
Unreviewed
CVE-2022-40263
was published
Nov 5, 2022
A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco...
High
Unreviewed
CVE-2022-20868
was published
Nov 4, 2022
Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle ...
High
Unreviewed
CVE-2021-4228
was published
Oct 24, 2022
In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in configuration files leads to...
High
Unreviewed
CVE-2022-42176
was published
Oct 20, 2022
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a...
High
Unreviewed
CVE-2022-38420
was published
Oct 15, 2022
Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH. An...
High
Unreviewed
CVE-2022-34425
was published
Oct 11, 2022
FlyteAdmin's Default OAuth Authorization Server secret must be rotated
High
CVE-2022-39273
was published
for
github.com/flyteorg/flyteadmin
(Go)
Oct 5, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication.
High
Unreviewed
CVE-2020-15327
was published
Sep 30, 2022
Contec FXA3200 version 1.13 and under were discovered to contain a hard coded hash password for...
High
Unreviewed
CVE-2022-36159
was published
Sep 27, 2022
Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to escalate privileges...
High
Unreviewed
CVE-2022-31322
was published
Sep 14, 2022
bilde2910 Hauk v1.6.1 requires a hardcoded password which by default is blank. This hardcoded...
High
Unreviewed
CVE-2022-37857
was published
Sep 9, 2022
In TOTOLINK A860R V4.1.2cu.5182_B20201027 there is a hard coded password for root in /etc/shadow...
High
Unreviewed
CVE-2022-37841
was published
Sep 7, 2022
TOTOLINK A800R V4.1.2cu.5137_B20200730 was discovered to contain a hardcoded password for root at...
High
Unreviewed
CVE-2022-36611
was published
Aug 29, 2022
TOTOLINK A950RG V4.1.2cu.5204_B20210112 was discovered to contain a hardcoded password for root...
High
Unreviewed
CVE-2022-36612
was published
Aug 29, 2022
TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at ...
High
Unreviewed
CVE-2022-36610
was published
Aug 29, 2022
TOTOLINK A3000RU V4.1.2cu.5185_B20201128 was discovered to contain a hardcoded password for root...
High
Unreviewed
CVE-2022-36615
was published
Aug 29, 2022
TOTOLINK A810R V4.1.2cu.5182_B20201026 and V5.9c.4050_B20190424 was discovered to contain a...
High
Unreviewed
CVE-2022-36616
was published
Aug 29, 2022
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a hardcoded password for root at...
High
Unreviewed
CVE-2022-36613
was published
Aug 29, 2022
TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a hardcoded password for root at...
High
Unreviewed
CVE-2022-36614
was published
Aug 29, 2022
Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that...
High
Unreviewed
CVE-2022-31269
was published
Aug 26, 2022
MA Lighting grandMA2 Light has a password of root for the root account. NOTE: The vendor's...
High
Unreviewed
CVE-2022-30036
was published
Aug 22, 2022
MapGIS 10.5 Pro IGServer has hardcoded credentials in the front-end and can lead to escalation of...
High
Unreviewed
CVE-2022-36170
was published
Aug 20, 2022
MapGIS IGServer 10.5.6.11 is vulnerable to Arbitrary file deletion.
High
Unreviewed
CVE-2022-36171
was published
Aug 20, 2022
'Hulu / ????' App for Android from version 3.0.47 to the version prior to 3.1.2 uses a hard-coded...
High
Unreviewed
CVE-2022-35734
was published
Aug 17, 2022
ProTip!
Advisories are also available from the
GraphQL API