GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
430 advisories
Filter by severity
Ingenico Telium 2 POS terminals have hardcoded FTP credentials. This is fixed in Telium 2 SDK v9...
High
Unreviewed
CVE-2018-17771
was published
May 24, 2022
The express install, which is the suggested way to install Puppet Enterprise, gives the user a...
High
Unreviewed
CVE-2019-10694
was published
May 24, 2022
Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port...
High
Unreviewed
CVE-2019-3906
was published
May 13, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication.
High
Unreviewed
CVE-2020-15327
was published
Sep 30, 2022
Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to...
High
Unreviewed
CVE-2019-3908
was published
May 13, 2022
BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited...
High
Unreviewed
CVE-2022-40263
was published
Nov 5, 2022
Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin...
High
Unreviewed
CVE-2022-36222
was published
Dec 21, 2022
In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is...
High
Unreviewed
CVE-2021-44720
was published
Aug 13, 2022
A vulnerability has been identified in LOGO!8 BM (All versions). Project data stored on the...
High
Unreviewed
CVE-2019-10920
was published
May 24, 2022
A CWE-798 use of hardcoded credentials vulnerability exists in BMX-NOR-0200H with firmware...
High
Unreviewed
CVE-2019-6812
was published
May 24, 2022
Prima Systems FlexAir devices have Hard-coded Credentials.
High
Unreviewed
CVE-2019-7672
was published
May 24, 2022
A weak default administrator password for the web interface and serial port was reported in some...
High
Unreviewed
CVE-2021-42850
was published
May 19, 2022
MapGIS 10.5 Pro IGServer has hardcoded credentials in the front-end and can lead to escalation of...
High
Unreviewed
CVE-2022-36170
was published
Aug 20, 2022
Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to escalate privileges...
High
Unreviewed
CVE-2022-31322
was published
Sep 14, 2022
IBM BigFix Remote Control before 9.1.3 allows local users to discover hardcoded credentials via...
High
Unreviewed
CVE-2016-2948
was published
May 17, 2022
A hard-coded cryptographic key is used in FileWave before 14.6.3 and 14.7.x before 14.7.2....
High
Unreviewed
CVE-2022-34906
was published
Jul 26, 2022
IBM Security Verify Information Queue 10.0.2 contains hard-coded credentials, such as a password...
High
Unreviewed
CVE-2022-35287
was published
Jul 26, 2022
Disclosure of information - the system allows you to view usernames and passwords without...
High
Unreviewed
CVE-2022-30622
was published
Jul 18, 2022
D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which...
High
Unreviewed
CVE-2016-10125
was published
May 17, 2022
Foscam networked devices use the same hardcoded SSL private key across different customers'...
High
Unreviewed
CVE-2017-7648
was published
May 17, 2022
A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiDDoS API 5.5.0 through 5.5...
High
Unreviewed
CVE-2022-29060
was published
Jul 20, 2022
Isode SWIFT v4.0.2 was discovered to contain hard-coded credentials in the Registry Editor. This...
High
Unreviewed
CVE-2022-32389
was published
Jul 15, 2022
IBM QRadar Network Security 5.4.0 and 5.5.0 contains hard-coded credentials, such as a password...
High
Unreviewed
CVE-2020-4157
was published
Jul 13, 2022
Huawei OceanStor 5600 V3 V300R003C00 has a hardcoded SSH key vulnerability; the hardcoded keys...
High
Unreviewed
CVE-2016-8754
was published
May 17, 2022
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The...
High
Unreviewed
CVE-2016-8361
was published
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API