Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+

552 advisories

Loading
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been... Critical Unreviewed
CVE-2024-3272 was published Apr 4, 2024
Use of Hard-coded Credentials in Kiloview NDI allows un-authenticated users to bypass... Critical Unreviewed
CVE-2024-2161 was published Mar 21, 2024
Chirp Access improperly stores credentials within its source code, potentially exposing... Critical Unreviewed
CVE-2024-2197 was published Mar 20, 2024
A vulnerability has been identified in Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0)... Critical Unreviewed
CVE-2024-23816 was published Feb 13, 2024
An issue in SCHUHFRIED v.8.22.00 allows remote attacker to obtain the database password via... Critical Unreviewed
CVE-2023-38995 was published Feb 7, 2024
D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account... Critical Unreviewed
CVE-2024-22853 was published Feb 6, 2024
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the product uses hard-coded... Critical Unreviewed
CVE-2024-21764 was published Feb 2, 2024
Multiple MachineSense devices have credentials unable to be changed by the user or... Critical Unreviewed
CVE-2023-46706 was published Feb 2, 2024
TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root... Critical Unreviewed
CVE-2024-24324 was published Jan 30, 2024
DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key. Critical Unreviewed
CVE-2023-51840 was published Jan 29, 2024
A hardcoded credential vulnerability exists in IBM Merge Healthcare eFilm Workstation. A remote,... Critical Unreviewed
CVE-2024-23619 was published Jan 26, 2024
An issue in the default configurations of ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION... Critical Unreviewed
CVE-2023-51200 was published Jan 23, 2024
Hard-coded credentials in org.folio:mod-data-export-spring Critical
CVE-2024-23687 was published for org.folio:mod-data-export-spring (Maven) Jan 20, 2024
EverShop at risk to unauthorized access via weak HMAC secret Critical
CVE-2023-46943 was published for @evershop/evershop (npm) Jan 13, 2024
Root user password is hardcoded into the device and cannot be changed in the user interface. Critical Unreviewed
CVE-2023-49253 was published Jan 12, 2024
Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard... Critical Unreviewed
CVE-2023-48392 was published Dec 15, 2023
Multisuns EasyLog web+ has a vulnerability of using hard-coded credentials. An remote attacker... Critical Unreviewed
CVE-2023-48388 was published Dec 15, 2023
NETSCOUT nGeniusPULSE 3.8 has a Hardcoded Cryptographic Key. Critical Unreviewed
CVE-2023-40300 was published Dec 7, 2023
The affected devices use publicly available default credentials with administrative privileges. Critical Unreviewed
CVE-2023-39169 was published Dec 7, 2023
Unitronics Vision Series PLCs and HMIs use default administrative passwords. An unauthenticated... Critical Unreviewed
CVE-2023-6448 was published Dec 5, 2023
Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain hardcoded credentials... Critical Unreviewed
CVE-2023-23324 was published Nov 29, 2023
First Corporation's DVRs use a hard-coded password, which may allow a remote unauthenticated... Critical Unreviewed
CVE-2023-47213 was published Nov 16, 2023
Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the... Critical Unreviewed
CVE-2023-47800 was published Nov 10, 2023
Weintek EasyBuilder Pro contains a vulnerability that, even when the private key is... Critical Unreviewed
CVE-2023-5777 was published Nov 6, 2023
VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain hardcoded... Critical Unreviewed
CVE-2023-45499 was published Oct 27, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database