GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,030
Maven
5,000+
npm
3,732
NuGet
662
pip
3,409
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
31 advisories
Filter by severity
A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100,...
Critical
Unreviewed
CVE-2024-20412
was published
Oct 23, 2024
FydeOS for PC 17.1 R114, FydeOS for VMware 17.0 R114, FydeOS for You 17.1 R114, and OpenFyde R114...
Critical
Unreviewed
CVE-2024-25825
was published
Oct 9, 2024
The web application for ProGauge MAGLINK LX4 CONSOLE contains an
administrative-level user...
Critical
Unreviewed
CVE-2024-43423
was published
Sep 25, 2024
Loftware Spectrum before 4.6 HF14 uses a Hard-coded Password.
Critical
Unreviewed
CVE-2023-37231
was published
Sep 10, 2024
A vulnerability classified as critical was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220....
Critical
Unreviewed
CVE-2024-8580
was published
Sep 8, 2024
A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. It has been classified as...
Critical
Unreviewed
CVE-2024-7332
was published
Aug 1, 2024
ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key.
Critical
Unreviewed
CVE-2024-36526
was published
Jul 9, 2024
A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013...
Critical
Unreviewed
CVE-2023-46685
was published
Jul 8, 2024
mySCADA myPRO
uses a hard-coded password which could allow an attacker to remotely execute code...
Critical
Unreviewed
CVE-2024-4708
was published
Jul 3, 2024
H3C Magic R230 V100R002 was discovered to contain a hardcoded password vulnerability in /etc...
Critical
Unreviewed
CVE-2024-38902
was published
Jun 24, 2024
Hardcoded credentials in TerraMaster TOS firmware through 5.1 allow a remote attacker to...
Critical
Unreviewed
CVE-2024-34539
was published
Jun 14, 2024
CyberPower PowerPanel business application code contains a hard-coded set of authentication ...
Critical
Unreviewed
CVE-2024-34025
was published
May 15, 2024
CyberPower PowerPanel business
application code contains a hard-coded JWT signing key. This...
Critical
Unreviewed
CVE-2024-33625
was published
May 15, 2024
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device...
Critical
Unreviewed
CVE-2024-32741
was published
May 14, 2024
Incorrect Access Control vulnerability in ZLMediaKit versions 1.0 through 8.0, allows remote...
Critical
Unreviewed
CVE-2024-27488
was published
Apr 8, 2024
Use of Hard-coded Password in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3,...
Critical
Unreviewed
CVE-2024-28010
was published
Mar 28, 2024
Chirp Access improperly stores credentials within its source code, potentially exposing...
Critical
Unreviewed
CVE-2024-2197
was published
Mar 20, 2024
Motorola MBTS Site Controller accepts hard-coded backdoor password. The Motorola MBTS Site...
Critical
Unreviewed
CVE-2023-23770
was published
Aug 29, 2023
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2...
Critical
Unreviewed
CVE-2022-45444
was published
Jul 6, 2023
A vulnerability, which was classified as critical, was found in USR USR-G806 1.0.41. Affected is...
Critical
Unreviewed
CVE-2023-2645
was published
May 11, 2023
A vulnerability classified as critical has been found in Netis Netcore Router. This affects an...
Critical
Unreviewed
CVE-2018-25069
was published
Jan 7, 2023
A vulnerability, which was classified as critical, has been found in taoeffect Empress. Affected...
Critical
Unreviewed
CVE-2014-125030
was published
Jan 1, 2023
Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to an...
Critical
Unreviewed
CVE-2022-41653
was published
Dec 14, 2022
A hard-coded password vulnerability exists in the libcommonprod.so prod_change_root_passwd...
Critical
Unreviewed
CVE-2022-22144
was published
Aug 6, 2022
The Motorola ACE1000 RTU through 2022-05-02 ships with a hardcoded SSH private key and...
Critical
Unreviewed
CVE-2022-30271
was published
Jul 27, 2022
ProTip!
Advisories are also available from the
GraphQL API