Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

143 advisories

Loading
AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclosure vulnerability that allows... Critical Unreviewed
CVE-2020-21994 was published May 24, 2022
Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01... Critical Unreviewed
CVE-2021-27734 was published May 24, 2022
An issue was discovered in Nitrokey FIDO U2F firmware through 1.1. Communication between the... Critical Unreviewed
CVE-2020-12061 was published May 24, 2022
In SapphireIMS 5.0, it is possible to take over an account by sending a request to the... Critical Unreviewed
CVE-2020-25566 was published May 24, 2022
Airangel HSMX Gateway devices through 5.2.04 have Weak SSH Credentials. Critical Unreviewed
CVE-2021-40520 was published May 24, 2022
The Vangene deltaFlow E-platform does not take properly protective measures. Attackers can obtain... Critical Unreviewed
CVE-2021-28171 was published May 24, 2022
Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker... Critical Unreviewed
CVE-2022-31887 was published Jun 29, 2022
Xiaongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS... Critical Unreviewed
CVE-2021-41506 was published Jul 1, 2022
An attacker with weak credentials could access the TCP port via an open FTP port, allowing an... Critical Unreviewed
CVE-2022-2103 was published Jun 25, 2022
The web application on Agilia Link+ version 3.0 implements authentication and session management... Critical Unreviewed
CVE-2021-23196 was published Jan 22, 2022
Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU... Critical Unreviewed
CVE-2021-20597 was published May 24, 2022
Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may... Critical Unreviewed
CVE-2022-30601 was published Aug 19, 2022
In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in... Critical Unreviewed
CVE-2019-11402 was published May 24, 2022
ONTAP Select Deploy administration utility versions 2.2 through 2.12.1 transmit credentials in... Critical Unreviewed
CVE-2019-5505 was published May 24, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account. Critical Unreviewed
CVE-2020-15347 was published Sep 30, 2022
In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549). Critical Unreviewed
CVE-2020-26101 was published May 24, 2022
In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554). Critical Unreviewed
CVE-2020-26105 was published May 24, 2022
Use of default credentials for the telnet server in BASETech GE-131 BT-1837836 firmware 20180921... Critical Unreviewed
CVE-2020-27555 was published May 24, 2022
The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve... Critical Unreviewed
CVE-2020-26508 was published May 24, 2022
Airleader Master <= 6.21 devices have default credentials that can be used to access the exposed... Critical Unreviewed
CVE-2020-26510 was published May 24, 2022
An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P,... Critical Unreviewed
CVE-2020-29054 was published May 24, 2022
An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P,... Critical Unreviewed
CVE-2020-29058 was published May 24, 2022
Unrestricted access to the log downloader functionality in EPSON EPS TSE Server 8 (21.0.11)... Critical Unreviewed
CVE-2020-28929 was published May 24, 2022
A sensitive information disclosure vulnerability in Kyland KPS2204 6 Port Managed Din-Rail... Critical Unreviewed
CVE-2020-25011 was published May 24, 2022
A password-disclosure issue in the web interface on certain TP-Link devices allows a remote... Critical Unreviewed
CVE-2020-35575 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API