GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
404 advisories
The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte...
High | Unreviewed | CVE-2022-41399 was published Apr 28, 2023

PWS Personal Weather Station Dashboard (PWS_Dashboard) LTS December 2020 (2012_lts) allows remote...
High | Unreviewed | CVE-2022-45291 was published Apr 25, 2023

TP-Link Tapo C310 1.3.0 devices allow access to the RTSP video feed via credentials of User ---...
High | Unreviewed | CVE-2022-37255 was published Apr 16, 2023

Android App 'Wolt Delivery: Food and more' version 4.27.2 and earlier uses hard-coded credentials...
High | Unreviewed | CVE-2023-22429 was published Apr 11, 2023

MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the...
High | Unreviewed | CVE-2023-0391 was published Mar 21, 2023

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for the telnet...
High | Unreviewed | CVE-2023-24147 was published Feb 3, 2023

Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. The application...
High | Unreviewed | CVE-2023-23132 was published Feb 1, 2023

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege...
High | Unreviewed | CVE-2022-42973 was published Feb 1, 2023

A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an...
High | Unreviewed | CVE-2023-20038 was published Jan 20, 2023

Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Password...
High | Unreviewed | CVE-2022-34462 was published Jan 18, 2023

Zoom Rooms for macOS clients before version 5.11.4 contain an insecure key generation mechanism....
High | Unreviewed | CVE-2022-36925 was published Jan 9, 2023

ISOS firmwares from versions 1.81 to 2.00 contain hardcoded credentials from embedded StreamX...
High | Unreviewed | CVE-2022-4780 was published Dec 29, 2022

Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. An...
High | Unreviewed | CVE-2022-45425 was published Dec 27, 2022

Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin...
High | Unreviewed | CVE-2022-36222 was published Dec 21, 2022

Common encryption key appears to be used across all deployed instances of Serv-U FTP Server....
High | Unreviewed | CVE-2021-35252 was published Dec 20, 2022

Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a...
High | Unreviewed | CVE-2022-2660 was published Dec 14, 2022

An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through...
High | Unreviewed | CVE-2022-46411 was published Dec 4, 2022

Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions...
High | Unreviewed | CVE-2022-29828 was published Nov 25, 2022

Use of Hard-coded Password vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1...
High | Unreviewed | CVE-2022-29831 was published Nov 25, 2022

Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions...
High | Unreviewed | CVE-2022-29827 was published Nov 25, 2022

Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions...
High | Unreviewed | CVE-2022-29829 was published Nov 25, 2022

Use of Hard-coded Password vulnerability in Mitsubishi Electric GX Works3 all versions allows an...
High | Unreviewed | CVE-2022-29825 was published Nov 25, 2022

Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: ...
High | Unreviewed | CVE-2022-37710 was published Nov 7, 2022

BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited...
High | Unreviewed | CVE-2022-40263 was published Nov 5, 2022

A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco...
High | Unreviewed | CVE-2022-20868 was published Nov 4, 2022
ProTip! Advisories are also available from the GraphQL API.