Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

19 advisories

Loading
Dragonfly2 has hard coded cyptographic key Critical
CVE-2023-27584 was published for d7y.io/dragonfly/v2 (Go) Sep 19, 2024
cokeBeer
Password reset tokens are generated using an insecure source of randomness. Attackers who know... Critical Unreviewed
CVE-2024-6890 was published Aug 8, 2024
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All... Critical Unreviewed
CVE-2024-30207 was published May 14, 2024
D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This... Critical Unreviewed
CVE-2023-32169 was published May 3, 2024
SimpleMiningOS through v1259 ships with SSH host keys baked into the installation image, which... Critical Unreviewed
CVE-2019-19753 was published Apr 30, 2024
Intumit SmartRobot uses a fixed encryption key for authentication. Remote attackers can use this... Critical Unreviewed
CVE-2024-2413 was published Mar 13, 2024
@nfid/embed has compromised private key due to @dfinity/auth-client producing insecure session keys Critical
GHSA-84c3-j8r2-mcm8 was published for @nfid/embed (npm) Feb 26, 2024
agent-js: Insecure Key Generation in `Ed25519KeyIdentity.generate` Critical
CVE-2024-1631 was published for @dfinity/auth-client (npm) Feb 21, 2024
peterpeterparker krpeacock
EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key Critical Unreviewed
CVE-2023-42492 was published Oct 25, 2023
Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz -... Critical Unreviewed
CVE-2023-3632 was published Aug 9, 2023
Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious... Critical Unreviewed
CVE-2023-2158 was published Jul 6, 2023
Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device... Critical Unreviewed
CVE-2022-2641 was published Jul 6, 2023
An authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality... Critical Unreviewed
CVE-2023-22844 was published Jul 6, 2023
AMI SPx contains a vulnerability in the BMC where an Attacker may cause a use of hard-coded... Critical Unreviewed
CVE-2023-34338 was published Jul 5, 2023
Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions... Critical Unreviewed
CVE-2022-29830 was published Nov 25, 2022
A vulnerability has been identified in Opcenter Quality (All versions < V12.2), QMS Automotive ... Critical Unreviewed
CVE-2021-27389 was published May 24, 2022
minerstat msOS before 2019-10-23 does not have a unique SSH key for each instance of the product. Critical Unreviewed
CVE-2019-19750 was published May 24, 2022
Metasys? ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a hardcoded RC2 key for... Critical Unreviewed
CVE-2019-7594 was published May 24, 2022
A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version... Critical Unreviewed
CVE-2017-14021 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API