Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

519 advisories

Loading
HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnerability. This issue allows... Critical Unreviewed
CVE-2021-26611 was published Nov 27, 2021
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The SNMP daemon was... Critical Unreviewed
CVE-2021-43044 was published Dec 7, 2021
Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of hardcoded credentials. It is possible to... Critical Unreviewed
CVE-2021-20155 was published Dec 31, 2021
ENC DataVault 7.1.1W uses an inappropriate encryption algorithm, such that an attacker (who does... Critical Unreviewed
CVE-2021-36751 was published Jan 3, 2022
QXIP SIPCAPTURE homer-app before 1.4.28 for HOMER 7.x has the same 167f0db2-f83e-4baa-9736... Critical Unreviewed
CVE-2022-22845 was published Jan 11, 2022
The Le-yan dental management system contains a hard-coded credentials vulnerability in the web... Critical Unreviewed
CVE-2022-22056 was published Jan 15, 2022
Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can be accessed without any... Critical Unreviewed
CVE-2021-23233 was published Jan 22, 2022
MCMS v5.2.4 was discovered to have a hardcoded shiro-key, allowing attackers to exploit the key... Critical Unreviewed
CVE-2022-22928 was published Jan 22, 2022
Online Course Registration v1.0 was discovered to contain hardcoded credentials in the source... Critical Unreviewed
CVE-2020-36064 was published Feb 1, 2022
The affected product has a hardcoded private key available inside the project folder, which may... Critical Unreviewed
CVE-2022-22987 was published Feb 10, 2022
A CWE-798: Use of Hard-coded Credentials vulnerability exists. If an attacker were to obtain the... Critical Unreviewed
CVE-2022-22813 was published Feb 11, 2022
Dairy Farm Shop Management System v1.0 was discovered to contain hardcoded credentials in the... Critical Unreviewed
CVE-2020-36062 was published Feb 12, 2022
Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric... Critical Unreviewed
CVE-2021-27797 was published Feb 22, 2022
Trend Micro ServerProtect 6.0/5.8 Information Server uses a static credential to perform... Critical Unreviewed
CVE-2022-25329 was published Feb 25, 2022
Home Owners Collection Management System v1.0 was discovered to contain hardcoded credentials... Critical Unreviewed
CVE-2022-25045 was published Mar 3, 2022
The following Yokogawa Electric products hard-code the password for CAMS server applications:... Critical Unreviewed
CVE-2022-23402 was published Mar 12, 2022
The following Yokogawa Electric products do not change the passwords of the internal Windows... Critical Unreviewed
CVE-2022-21194 was published Mar 12, 2022
Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by hard coded credentials. A hardcoded... Critical Unreviewed
CVE-2021-45877 was published Mar 22, 2022
ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite... Critical Unreviewed
CVE-2022-25577 was published Mar 26, 2022
UNNO v03.11.00 was discovered to contain access control issue. Critical Unreviewed
CVE-2022-25521 was published Mar 30, 2022
Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded... Critical Unreviewed
CVE-2022-24693 was published Mar 31, 2022
A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP... Critical Unreviewed
CVE-2022-1162 was published Apr 5, 2022
Bettini Srl GAMS Product Line v4.3.0 was discovered to re-use static SSH keys across... Critical Unreviewed
CVE-2022-25569 was published Apr 5, 2022
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21,... Critical Unreviewed
CVE-2021-30064 was published Apr 5, 2022
A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiEDR versions 5.0.2, 5.0.1,... Critical Unreviewed
CVE-2022-23441 was published Apr 7, 2022
ProTip! Advisories are also available from the GraphQL API