GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
15 advisories
CVE-2022-46738 | Critical | Unreviewed | published May 23, 2023
The affected product exposes multiple sensitive data fields of the affected product. An attacker...

CVE-2023-0635 | Critical | Unreviewed | published Jul 6, 2023
Improper Privilege Management vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise,...

CVE-2023-3470 | Moderate | Unreviewed | published Aug 2, 2023
Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password...

CVE-2022-3010 | High | Unreviewed | published Jan 2, 2024
The Priva TopControl Suite contains predictable credentials for the SSH service, based on the...

CVE-2023-48257 | High | Unreviewed | published Jan 10, 2024
The vulnerability allows a remote attacker to access sensitive data inside exported packages or...

CVE-2024-1039 | Critical | Unreviewed | published Feb 2, 2024
Gessler GmbH WEB-MASTER has a restoration account that uses weak hard coded credentials and if...

CVE-2023-6951 | Moderate | Unreviewed | published Apr 2, 2024
A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI...

CVE-2024-28066 | High | Unreviewed | published Apr 8, 2024
In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password).

CVE-2024-5634 | High | Unreviewed | published Jul 9, 2024
Longse model LBH30FE200W cameras, as well as products based on this device, make use of telnet...

CVE-2024-32759 | High | Unreviewed | published Jul 10, 2024
Under certain circumstances the Software House C●CURE 9000 installer will utilize weak credentials.

CVE-2024-42051 | High | Unreviewed | published Jul 28, 2024
The MSI installer for Splashtop Streamer for Windows before 3.6.2.0 uses a temporary folder with...

CVE-2024-40892 | High | Unreviewed | published Aug 12, 2024
A weak credential vulnerability exists in Firewalla Box Software versions before 1.979. This...

CVE-2024-42027 | Moderate | Unreviewed | published Oct 7, 2024
The E2EE password entropy generated by Rocket.Chat Mobile prior to version 4.5.1 is insufficient,...

CVE-2024-45272 | High | Unreviewed | published Oct 15, 2024
An unauthenticated remote attacker can perform a brute-force attack on the credentials of the...

CVE-2024-43698 | Critical | Unreviewed | published Oct 23, 2024
Kieback & Peter's DDC4000 series uses weak credentials, which may allow an unauthenticated...

ProTip! Advisories are also available from the GraphQL API.