Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

144 advisories

Loading
AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclosure vulnerability that allows... Critical Unreviewed
CVE-2020-21994 was published May 24, 2022
Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01... Critical Unreviewed
CVE-2021-27734 was published May 24, 2022
An issue was discovered in Nitrokey FIDO U2F firmware through 1.1. Communication between the... Critical Unreviewed
CVE-2020-12061 was published May 24, 2022
In SapphireIMS 5.0, it is possible to take over an account by sending a request to the... Critical Unreviewed
CVE-2020-25566 was published May 24, 2022
Airangel HSMX Gateway devices through 5.2.04 have Weak SSH Credentials. Critical Unreviewed
CVE-2021-40520 was published May 24, 2022
The Vangene deltaFlow E-platform does not take properly protective measures. Attackers can obtain... Critical Unreviewed
CVE-2021-28171 was published May 24, 2022
Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker... Critical Unreviewed
CVE-2022-31887 was published Jun 29, 2022
Xiaongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS... Critical Unreviewed
CVE-2021-41506 was published Jul 1, 2022
An attacker with weak credentials could access the TCP port via an open FTP port, allowing an... Critical Unreviewed
CVE-2022-2103 was published Jun 25, 2022
The web application on Agilia Link+ version 3.0 implements authentication and session management... Critical Unreviewed
CVE-2021-23196 was published Jan 22, 2022
Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU... Critical Unreviewed
CVE-2021-20597 was published May 24, 2022
Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may... Critical Unreviewed
CVE-2022-30601 was published Aug 19, 2022
In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in... Critical Unreviewed
CVE-2019-11402 was published May 24, 2022
ONTAP Select Deploy administration utility versions 2.2 through 2.12.1 transmit credentials in... Critical Unreviewed
CVE-2019-5505 was published May 24, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account. Critical Unreviewed
CVE-2020-15347 was published Sep 30, 2022
In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554). Critical Unreviewed
CVE-2020-26105 was published May 24, 2022
In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549). Critical Unreviewed
CVE-2020-26101 was published May 24, 2022
Use of default credentials for the telnet server in BASETech GE-131 BT-1837836 firmware 20180921... Critical Unreviewed
CVE-2020-27555 was published May 24, 2022
The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve... Critical Unreviewed
CVE-2020-26508 was published May 24, 2022
Airleader Master <= 6.21 devices have default credentials that can be used to access the exposed... Critical Unreviewed
CVE-2020-26510 was published May 24, 2022
An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P,... Critical Unreviewed
CVE-2020-29054 was published May 24, 2022
An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P,... Critical Unreviewed
CVE-2020-29058 was published May 24, 2022
Unrestricted access to the log downloader functionality in EPSON EPS TSE Server 8 (21.0.11)... Critical Unreviewed
CVE-2020-28929 was published May 24, 2022
A sensitive information disclosure vulnerability in Kyland KPS2204 6 Port Managed Din-Rail... Critical Unreviewed
CVE-2020-25011 was published May 24, 2022
A password-disclosure issue in the web interface on certain TP-Link devices allows a remote... Critical Unreviewed
CVE-2020-35575 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database