Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

28 advisories

Loading
Loftware Spectrum before 4.6 HF14 uses a Hard-coded Password. Critical Unreviewed
CVE-2023-37231 was published Sep 10, 2024
A vulnerability classified as critical was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220.... Critical Unreviewed
CVE-2024-8580 was published Sep 8, 2024
A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. It has been classified as... Critical Unreviewed
CVE-2024-7332 was published Aug 1, 2024
ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key. Critical Unreviewed
CVE-2024-36526 was published Jul 9, 2024
A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013... Critical Unreviewed
CVE-2023-46685 was published Jul 8, 2024
mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code... Critical Unreviewed
CVE-2024-4708 was published Jul 3, 2024
H3C Magic R230 V100R002 was discovered to contain a hardcoded password vulnerability in /etc... Critical Unreviewed
CVE-2024-38902 was published Jun 24, 2024
Hardcoded credentials in TerraMaster TOS firmware through 5.1 allow a remote attacker to... Critical Unreviewed
CVE-2024-34539 was published Jun 14, 2024
CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This... Critical Unreviewed
CVE-2024-33625 was published May 15, 2024
CyberPower PowerPanel business application code contains a hard-coded set of authentication ... Critical Unreviewed
CVE-2024-34025 was published May 15, 2024
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device... Critical Unreviewed
CVE-2024-32741 was published May 14, 2024
Incorrect Access Control vulnerability in ZLMediaKit versions 1.0 through 8.0, allows remote... Critical Unreviewed
CVE-2024-27488 was published Apr 8, 2024
Use of Hard-coded Password in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3,... Critical Unreviewed
CVE-2024-28010 was published Mar 28, 2024
Chirp Access improperly stores credentials within its source code, potentially exposing... Critical Unreviewed
CVE-2024-2197 was published Mar 20, 2024
Motorola MBTS Site Controller accepts hard-coded backdoor password. The Motorola MBTS Site... Critical Unreviewed
CVE-2023-23770 was published Aug 29, 2023
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2... Critical Unreviewed
CVE-2022-45444 was published Jul 6, 2023
A vulnerability, which was classified as critical, was found in USR USR-G806 1.0.41. Affected is... Critical Unreviewed
CVE-2023-2645 was published May 11, 2023
A vulnerability classified as critical has been found in Netis Netcore Router. This affects an... Critical Unreviewed
CVE-2018-25069 was published Jan 7, 2023
A vulnerability, which was classified as critical, has been found in taoeffect Empress. Affected... Critical Unreviewed
CVE-2014-125030 was published Jan 1, 2023
Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to an... Critical Unreviewed
CVE-2022-41653 was published Dec 14, 2022
A hard-coded password vulnerability exists in the libcommonprod.so prod_change_root_passwd... Critical Unreviewed
CVE-2022-22144 was published Aug 6, 2022
The Motorola ACE1000 RTU through 2022-05-02 ships with a hardcoded SSH private key and... Critical Unreviewed
CVE-2022-30271 was published Jul 27, 2022
The same hard-coded password in QSAN Storage Manager's in the firmware allows remote attackers to... Critical Unreviewed
CVE-2021-32525 was published May 24, 2022
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2... Critical Unreviewed
CVE-2021-38456 was published May 24, 2022
A CWE-259: Use of Hard-coded Password vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4... Critical Unreviewed
CVE-2021-22729 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API