Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

424 advisories

Loading
Improper physical access control and use of hard-coded credentials in /etc/passwd permits an... High Unreviewed
CVE-2022-25213 was published Mar 11, 2022
Hard coded credentials in FreeTAKServer High
CVE-2022-25510 was published for FreeTAKServer (pip) Mar 12, 2022
RunAsSpc 4.0 uses a universal and recoverable encryption key. In possession of a file encrypted... High Unreviewed
CVE-2022-26660 was published Mar 17, 2022
Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) uses hard-coded... High Unreviewed
CVE-2022-25246 was published Mar 17, 2022
In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official... High Unreviewed
CVE-2021-46008 was published Apr 1, 2022
A use of hard-coded cryptographic key vulnerability [CWE-321] in the registration mechanism of... High Unreviewed
CVE-2022-23440 was published Apr 7, 2022
Taiwan Secom Dr.ID Access Control system’s login page has a hard-coded credential in the source... High Unreviewed
CVE-2022-26671 was published Apr 8, 2022
A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance... High Unreviewed
CVE-2022-20773 was published Apr 22, 2022
ASUS WebStorage has a hardcoded API Token in the APP source code. An unauthenticated remote... High Unreviewed
CVE-2022-26672 was published Apr 23, 2022
Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap... High Unreviewed
CVE-2022-23942 was published Apr 27, 2022
A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA... High Unreviewed
CVE-2022-29856 was published Apr 30, 2022
The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known... High Unreviewed
CVE-2000-1139 was published Apr 30, 2022
Arkeia Network Backup Client 5.x contains hard-coded credentials that effectively serve as a back... High Unreviewed
CVE-2005-0496 was published May 1, 2022
admin.php in SmartSiteCMS 1.0 allows remote attackers to bypass authentication and gain... High Unreviewed
CVE-2006-7074 was published May 1, 2022
The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with... High Unreviewed
CVE-2007-1063 was published May 1, 2022
EMV DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to... High Unreviewed
CVE-2008-0961 was published May 1, 2022
ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not... High Unreviewed
CVE-2008-1160 was published May 1, 2022
Use of static encryption key material allows forging an authentication token to other users... High Unreviewed
CVE-2022-23724 was published May 5, 2022
A hard-coded password vulnerability exists in the console infactory functionality of InHand... High Unreviewed
CVE-2022-27172 was published May 13, 2022
Dell EMC Networking OS10 versions prior to 10.4.3 contain a cryptographic key vulnerability due... High Unreviewed
CVE-2019-3710 was published May 13, 2022
An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. The tools/ping... High Unreviewed
CVE-2019-3497 was published May 13, 2022
An issue was discovered on Wifi-soft UniBox controller 3.x devices. The tools/controller... High Unreviewed
CVE-2019-3496 was published May 13, 2022
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough... High Unreviewed
CVE-2017-14115 was published May 13, 2022
A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When... High Unreviewed
CVE-2018-10898 was published May 13, 2022
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses... High Unreviewed
CVE-2019-7161 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database