GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
158 advisories
Filter by severity
phpMyFAQ has Weak Password Requirements
Moderate
CVE-2023-0307
was published
for
thorsten/phpmyfaq
(Composer)
Jan 16, 2023
Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20181130-16:12) has a Weak...
Critical
Unreviewed
CVE-2022-44236
was published
Dec 15, 2022
A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0...
High
Unreviewed
CVE-2021-39434
was published
Dec 6, 2022
Lazy Mouse server enforces weak password requirements and doesn't implement rate limiting,...
Critical
Unreviewed
CVE-2022-45482
was published
Dec 2, 2022
Siyucms v6.1.7 was discovered to contain a remote code execution (RCE) vulnerability in the...
High
Unreviewed
CVE-2022-43030
was published
Nov 15, 2022
phpMyFAQ contains Weak Password Requirements
Critical
CVE-2022-3754
was published
for
thorsten/phpmyfaq
(Composer)
Oct 29, 2022
etcd has no minimum password length
Moderate
CVE-2020-15115
was published
for
go.etcd.io/etcd/client/v3
(Go)
Oct 6, 2022
rdiffweb allows a new password to be the same as the previous password
Moderate
CVE-2022-3376
was published
for
rdiffweb
(pip)
Oct 6, 2022
rdiffweb vulnerable to password complexity bypass leading to weak passwords
Moderate
CVE-2022-3326
was published
for
rdiffweb
(pip)
Sep 30, 2022
Weak Password Requirements in GitHub repository ikus060/minarca prior to 4.2.2.
Critical
Unreviewed
CVE-2022-3268
was published
Sep 23, 2022
rdiffweb 2.4.1 contains Weak Password Requirements
High
CVE-2022-3179
was published
for
rdiffweb
(pip)
Sep 14, 2022
Bminusl IHateToBudget v1.5.7 employs a weak password policy which allows attackers to potentially...
Critical
Unreviewed
CVE-2022-37163
was published
Sep 9, 2022
Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain...
Critical
Unreviewed
CVE-2022-37164
was published
Sep 9, 2022
HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password...
High
Unreviewed
CVE-2022-27558
was published
Aug 29, 2022
RuoYi v3.8.3 has a Weak password vulnerability in the management system.
Critical
Unreviewed
CVE-2022-37158
was published
Aug 26, 2022
Missing password strength check in notrinos/notrinos-erp
High
CVE-2022-2927
was published
for
notrinos/notrinos-erp
(Composer)
Aug 23, 2022
Tabit - password enumeration. Description: Tabit - password enumeration. The passwords for the...
High
Unreviewed
CVE-2022-34772
was published
Aug 23, 2022
Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain...
Critical
Unreviewed
CVE-2022-34615
was published
Aug 20, 2022
Contract Management System v2.0 contains a weak default password which gives attackers to access...
High
Unreviewed
CVE-2022-35198
was published
Aug 19, 2022
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not require that users should have...
Critical
Unreviewed
CVE-2022-35280
was published
Aug 11, 2022
Raneto v0.17.0 employs weak password complexity requirements
Critical
CVE-2022-35143
was published
for
raneto
(npm)
Aug 5, 2022
BF-OS version 3.x up to and including 3.83 do not enforce strong passwords which may allow a...
High
Unreviewed
CVE-2022-36301
was published
Aug 2, 2022
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank root password for TELNET...
Critical
Unreviewed
CVE-2022-31211
was published
Jul 18, 2022
On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices,...
High
Unreviewed
CVE-2022-28377
was published
Jul 15, 2022
Weak default root user credentials allow remote attackers to easily obtain OS superuser...
Critical
Unreviewed
CVE-2022-1668
was published
Jun 25, 2022
ProTip!
Advisories are also available from the
GraphQL API