GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
552 advisories
Filter by severity
IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to...
Critical
Unreviewed
CVE-2016-8954
was published
May 17, 2022
The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain...
Critical
Unreviewed
CVE-2016-8491
was published
May 17, 2022
ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the...
Critical
Unreviewed
CVE-2016-1560
was published
May 17, 2022
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded...
Critical
Unreviewed
CVE-2022-34441
was published
Jan 11, 2023
Wireless IP Camera (P2P) WIFICAM devices have a backdoor root account that can be accessed with...
Critical
Unreviewed
CVE-2017-8224
was published
May 17, 2022
libnx_apl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.02 implements a Backdoor...
Critical
Unreviewed
CVE-2022-32985
was published
Jul 18, 2022
Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of ...
Critical
Unreviewed
CVE-2015-2882
was published
May 17, 2022
Gynoii has a password of guest for the backdoor guest account and a password of 12345 for the...
Critical
Unreviewed
CVE-2015-2881
was published
May 17, 2022
iBaby M3S has a password of admin for the backdoor admin account.
Critical
Unreviewed
CVE-2015-2887
was published
May 17, 2022
Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb has a default password of admin for...
Critical
Unreviewed
CVE-2017-9932
was published
May 17, 2022
In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may...
Critical
Unreviewed
CVE-2017-6131
was published
May 17, 2022
The firmware of EDIMAX IC-3140W Version 3.11 is hardcoded with Administrator username and password.
Critical
Unreviewed
CVE-2021-40597
was published
Jun 30, 2022
The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin"...
Critical
Unreviewed
CVE-2016-0726
was published
May 17, 2022
An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. There is Remote Code...
Critical
Unreviewed
CVE-2022-34005
was published
Jun 20, 2022
A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and lower versions allows a...
Critical
Unreviewed
CVE-2017-7336
was published
May 17, 2022
IBM SiteProtector Appliance 3.1.1 contains hard-coded credentials, such as a password or...
Critical
Unreviewed
CVE-2020-4150
was published
Jul 12, 2022
Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM...
Critical
Unreviewed
CVE-2017-2236
was published
May 17, 2022
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The keystore is...
Critical
Unreviewed
CVE-2017-11129
was published
May 17, 2022
Proietti Tech srl Planet Time Enterprise 4.2.0.1,4.2.0.0,4.1.0.0,4.0.0.0,3.3.1.0,3.3.0.0 is...
Critical
Unreviewed
CVE-2022-30422
was published
Jun 18, 2022
Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a...
Critical
Unreviewed
CVE-2022-29525
was published
Jun 14, 2022
MEDHOST Connex contains hard-coded credentials that are used for customer database access. An...
Critical
Unreviewed
CVE-2017-11614
was published
May 17, 2022
Backup archives were found to be encrypted with a static password across different installations,...
Critical
Unreviewed
CVE-2017-11380
was published
May 17, 2022
MEDHOST Document Management System contains hard-coded credentials that are used for Apache Solr...
Critical
Unreviewed
CVE-2017-11694
was published
May 17, 2022
A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been classified as very...
Critical
Unreviewed
CVE-2017-20039
was published
Jun 12, 2022
A CWE-798: Use of Hard-coded Credentials vulnerability exists that could allow arbitrary code to...
Critical
Unreviewed
CVE-2022-30234
was published
Jun 3, 2022
ProTip!
Advisories are also available from the
GraphQL API