GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,740
Composer 4,239
Erlang 31
GitHub Actions 21
Go 2,007
Maven 5,196
npm 3,716
NuGet 662
pip 3,388
Pub 11
RubyGems 885
Rust 851
Swift 36

Unreviewed advisories

All unreviewed 235,757

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

1,167 advisories

Filter by severity

Sort by

Least recently updated

The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability,... Critical Unreviewed

CVE-2024-28987 was published Aug 22, 2024

A vulnerability was found in demozx gf_cms 1.0/1.0.1. It has been classified as critical. This... Moderate Unreviewed

CVE-2024-8005 was published Aug 20, 2024

H3C Magic B1ST v100R012 was discovered to contain a hardcoded password vulnerability in /etc... Critical Unreviewed

CVE-2024-42638 was published Aug 16, 2024

H3C R3010 v100R002L02 was discovered to contain a hardcoded password vulnerability in /etc/shadow... Critical Unreviewed

CVE-2024-42637 was published Aug 16, 2024

Identical Hardcoded Root Password for All Devices in GNCC's GC2 Indoor Security Camera 1080P... Moderate Unreviewed

CVE-2024-31798 was published Aug 15, 2024

A hardcoded AES key in PMFW may result in a privileged attacker gaining access to the key,... Low Unreviewed

CVE-2023-20512 was published Aug 13, 2024

Use of hard-coded credentials vulnerability affecting Vonets industrial wifi bridge relays and... High Unreviewed

CVE-2024-41161 was published Aug 8, 2024

Password reset tokens are generated using an insecure source of randomness. Attackers who know... Critical Unreviewed

CVE-2024-6890 was published Aug 8, 2024

D-Link DIR-300 REVA FIRMWARE v1.06B05_WW contains hardcoded credentials in the Telnet service. High Unreviewed

CVE-2024-41616 was published Aug 6, 2024

ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15 uses hard-coded credentials, which may... High Unreviewed

CVE-2024-39838 was published Aug 5, 2024

Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 use a unique... Moderate Unreviewed

CVE-2024-33895 was published Aug 2, 2024

A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. It has been classified as... Critical Unreviewed

CVE-2024-7332 was published Aug 1, 2024

In D-Link DIR-860L REVA FIRMWARE PATCH 1.10..B04, the Telnet service contains hardcoded... Critical Unreviewed

CVE-2024-41611 was published Jul 30, 2024

D-Link DIR-820LW REVB FIRMWARE PATCH 2.03.B01_TC contains hardcoded credentials in the Telnet... Critical Unreviewed

CVE-2024-41610 was published Jul 30, 2024

A vulnerability was found in TOTOLINK A3000RU 5.9c.5185. It has been rated as problematic. This... Moderate Unreviewed

CVE-2024-7170 was published Jul 29, 2024

A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as... Low Unreviewed

CVE-2024-7155 was published Jul 28, 2024

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to unencrypted storing of WPA... Moderate Unreviewed

CVE-2024-41689 was published Jul 26, 2024

Use of hard-coded MSSQL credentials in PerkinElmer ProcessPlus on Windows allows an attacker to... Critical Unreviewed

CVE-2024-6912 was published Jul 22, 2024

Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to agent takeover... High Unreviewed

CVE-2024-5471 was published Jul 17, 2024

Tenda i29V1.0 V1.0.0.5 was discovered to contain a hardcoded password for root. Critical Unreviewed

CVE-2024-35338 was published Jul 16, 2024

An unauthenticated remote attacker can use the hard-coded credentials to access the SmartSPS... Critical Unreviewed

CVE-2024-28747 was published Jul 9, 2024

A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013... Critical Unreviewed

CVE-2023-46685 was published Jul 8, 2024

mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code... Critical Unreviewed

CVE-2024-4708 was published Jul 3, 2024

Hardcoded credentials are discovered within the application's source code, creating a potential... Critical Unreviewed

CVE-2023-41919 was published Jul 2, 2024

"Piccoma" App for Android and iOS versions prior to 6.20.0 uses a hard-coded API key for an... Moderate Unreviewed

CVE-2024-38480 was published Jul 1, 2024

Previous 1 2 3 4 5 … 46 47 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

1,167 advisories