GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
552 advisories
Filter by severity
Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if...
Critical
Unreviewed
CVE-2024-45861
was published
Sep 19, 2024
AdaptiveScale LXDUI Hardcoded JWT Secret Key
Critical
CVE-2021-40494
was published
for
lxdui
(pip)
May 24, 2022
Dragonfly2 has hard coded cyptographic key
Critical
CVE-2023-27584
was published
for
d7y.io/dragonfly/v2
(Go)
Sep 19, 2024
Django user with hardcoded password created when running tests on Oracle
Critical
CVE-2016-9013
was published
for
Django
(pip)
May 17, 2022
TELSAT marKoni FM Transmitters are vulnerable to an attacker exploiting a hidden admin account...
Critical
Unreviewed
CVE-2024-39374
was published
Jun 27, 2024
A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker...
Critical
Unreviewed
CVE-2024-20439
was published
Sep 4, 2024
Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/...
Critical
Unreviewed
CVE-2018-17558
was published
Oct 27, 2023
Use of hard-coded MSSQL credentials in PerkinElmer ProcessPlus on Windows allows an attacker to...
Critical
Unreviewed
CVE-2024-6912
was published
Jul 22, 2024
H3C Magic B1ST v100R012 was discovered to contain a hardcoded password vulnerability in /etc...
Critical
Unreviewed
CVE-2024-42638
was published
Aug 16, 2024
The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are...
Critical
Unreviewed
CVE-2024-6633
was published
Aug 27, 2024
mySCADA myPRO
uses a hard-coded password which could allow an attacker to remotely execute code...
Critical
Unreviewed
CVE-2024-4708
was published
Jul 3, 2024
A vulnerability classified as critical has been found in TOTOLINK T10 AC1200 4.1.8cu.5207....
Critical
Unreviewed
CVE-2024-8162
was published
Aug 26, 2024
H3C R3010 v100R002L02 was discovered to contain a hardcoded password vulnerability in /etc/shadow...
Critical
Unreviewed
CVE-2024-42637
was published
Aug 16, 2024
A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. It has been classified as...
Critical
Unreviewed
CVE-2024-7332
was published
Aug 1, 2024
Password reset tokens are generated using an insecure source of randomness. Attackers who know...
Critical
Unreviewed
CVE-2024-6890
was published
Aug 8, 2024
Shenzhen Guoxin Synthesis image system before 8.3.0 has a 123456Qw default password.
Critical
Unreviewed
CVE-2024-38466
was published
Jun 16, 2024
In D-Link DIR-860L REVA FIRMWARE PATCH 1.10..B04, the Telnet service contains hardcoded...
Critical
Unreviewed
CVE-2024-41611
was published
Jul 30, 2024
D-Link DIR-820LW REVB FIRMWARE PATCH 2.03.B01_TC contains hardcoded credentials in the Telnet...
Critical
Unreviewed
CVE-2024-41610
was published
Jul 30, 2024
Use of hard-coded credentials issue exists in Ricoh Streamline NX PC Client ver.3.7.2 and earlier...
Critical
Unreviewed
CVE-2024-36480
was published
Jun 19, 2024
The Motorola ACE1000 RTU through 2022-05-02 ships with a hardcoded SSH private key and...
Critical
Unreviewed
CVE-2022-30271
was published
Jul 27, 2022
Tenda i29V1.0 V1.0.0.5 was discovered to contain a hardcoded password for root.
Critical
Unreviewed
CVE-2024-35338
was published
Jul 16, 2024
A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013...
Critical
Unreviewed
CVE-2023-46685
was published
Jul 8, 2024
An unauthenticated remote attacker can use the hard-coded credentials to access the SmartSPS...
Critical
Unreviewed
CVE-2024-28747
was published
Jul 9, 2024
luci-app-lucky v2.8.3 was discovered to contain hardcoded credentials.
Critical
Unreviewed
CVE-2024-39208
was published
Jun 27, 2024
TOTOLINK CP300 V2.0.4-B20201102 was discovered to contain a hardcoded password vulnerability in ...
Critical
Unreviewed
CVE-2024-36782
was published
Jun 3, 2024
ProTip!
Advisories are also available from the
GraphQL API