GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
421 advisories
Filter by severity
An issue was discovered on the D-Link DWR-932B router. There is a hardcoded WPS PIN of 28296607.
High
Unreviewed
CVE-2016-10179
was published
May 13, 2022
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses...
High
Unreviewed
CVE-2019-7161
was published
May 13, 2022
A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When...
High
Unreviewed
CVE-2018-10898
was published
May 13, 2022
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough...
High
Unreviewed
CVE-2017-14115
was published
May 13, 2022
An issue was discovered on Wifi-soft UniBox controller 3.x devices. The tools/controller...
High
Unreviewed
CVE-2019-3496
was published
May 13, 2022
An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. The tools/ping...
High
Unreviewed
CVE-2019-3497
was published
May 13, 2022
Dell EMC Networking OS10 versions prior to 10.4.3 contain a cryptographic key vulnerability due...
High
Unreviewed
CVE-2019-3710
was published
May 13, 2022
A hard-coded password vulnerability exists in the console infactory functionality of InHand...
High
Unreviewed
CVE-2022-27172
was published
May 13, 2022
Use of static encryption key material allows forging an authentication token to other users...
High
Unreviewed
CVE-2022-23724
was published
May 5, 2022
ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not...
High
Unreviewed
CVE-2008-1160
was published
May 1, 2022
EMV DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to...
High
Unreviewed
CVE-2008-0961
was published
May 1, 2022
The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with...
High
Unreviewed
CVE-2007-1063
was published
May 1, 2022
admin.php in SmartSiteCMS 1.0 allows remote attackers to bypass authentication and gain...
High
Unreviewed
CVE-2006-7074
was published
May 1, 2022
Arkeia Network Backup Client 5.x contains hard-coded credentials that effectively serve as a back...
High
Unreviewed
CVE-2005-0496
was published
May 1, 2022
The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known...
High
Unreviewed
CVE-2000-1139
was published
Apr 30, 2022
A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA...
High
Unreviewed
CVE-2022-29856
was published
Apr 30, 2022
ASUS WebStorage has a hardcoded API Token in the APP source code. An unauthenticated remote...
High
Unreviewed
CVE-2022-26672
was published
Apr 23, 2022
A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance...
High
Unreviewed
CVE-2022-20773
was published
Apr 22, 2022
Taiwan Secom Dr.ID Access Control system’s login page has a hard-coded credential in the source...
High
Unreviewed
CVE-2022-26671
was published
Apr 8, 2022
A use of hard-coded cryptographic key vulnerability [CWE-321] in the registration mechanism of...
High
Unreviewed
CVE-2022-23440
was published
Apr 7, 2022
In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official...
High
Unreviewed
CVE-2021-46008
was published
Apr 1, 2022
Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) uses hard-coded...
High
Unreviewed
CVE-2022-25246
was published
Mar 17, 2022
RunAsSpc 4.0 uses a universal and recoverable encryption key. In possession of a file encrypted...
High
Unreviewed
CVE-2022-26660
was published
Mar 17, 2022
Improper physical access control and use of hard-coded credentials in /etc/passwd permits an...
High
Unreviewed
CVE-2022-25213
was published
Mar 11, 2022
Use of a hard-coded cryptographic key pair by the telnetd_startup service allows an attacker on...
High
Unreviewed
CVE-2022-25217
was published
Mar 11, 2022
ProTip!
Advisories are also available from the
GraphQL API