GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
552 advisories
Hardcoded credentials are discovered within the application's source code, creating a potential...
Critical | Unreviewed | CVE-2023-41919 was published Jul 2, 2024

Unitronics Vision Series PLCs and HMIs use default administrative passwords. An unauthenticated...
Critical | Unreviewed | CVE-2023-6448 was published Dec 5, 2023

Use of Hard-coded Credentials vulnerability in Baicells Snap Router BaiCE_BMI on EP3011 (User...
Critical | Unreviewed | CVE-2023-6198 was published Jun 25, 2024

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive...
Critical | Unreviewed | CVE-2024-3700 was published Jun 10, 2024

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive...
Critical | Unreviewed | CVE-2024-1228 was published Jun 10, 2024

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive...
Critical | Unreviewed | CVE-2024-3699 was published Jun 10, 2024

Chirp Access improperly stores credentials within its source code, potentially exposing...
Critical | Unreviewed | CVE-2024-2197 was published Mar 20, 2024

Incorrect handling of credential expiry by /nats-io/nats-server
Critical | CVE-2020-26892 was published for github.com/nats-io/jwt (Go) Feb 11, 2022

Hard-coded credentials are used by the CyberPower PowerPanel platform to authenticate to the ...
Critical | Unreviewed | CVE-2024-32053 was published May 15, 2024

Weak account password in GE HealthCare EchoPAC products
Critical | Unreviewed | CVE-2024-27107 was published May 14, 2024

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device...
Critical | Unreviewed | CVE-2024-32740 was published May 14, 2024

D-Link D-View InstallApplication Use of Hard-coded Credentials Authentication Bypass...
Critical | Unreviewed | CVE-2023-44411 was published May 3, 2024

An issue in the default configurations of ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION...
Critical | Unreviewed | CVE-2023-51200 was published Jan 23, 2024

Katello uses hard coded credential
Critical | CVE-2012-3503 was published for katello (RubyGems) May 17, 2022

Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow...
Critical | Unreviewed | CVE-2019-6698 was published May 24, 2022

WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a backdoor account...
Critical | Unreviewed | CVE-2019-9160 was published May 24, 2022

An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU...
Critical | Unreviewed | CVE-2019-14930 was published May 24, 2022

AdRem NetCrunch 10.6.0.4587 has a hardcoded SSL private key vulnerability in the NetCrunch web...
Critical | Unreviewed | CVE-2019-14482 was published May 24, 2022

Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have default credentials that are hardcoded in...
Critical | Unreviewed | CVE-2017-8226 was published May 24, 2022

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been...
Critical | Unreviewed | CVE-2024-3272 was published Apr 4, 2024

IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or...
Critical | Unreviewed | CVE-2022-22466 was published Oct 23, 2023

IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or...
Critical | Unreviewed | CVE-2023-33836 was published Oct 16, 2023

Qognify NiceVision versions 3.1 and prior are vulnerable to exposing sensitive information...
Critical | Unreviewed | CVE-2023-2306 was published Oct 5, 2023

Use of a static key to protect a JWT token used in user authentication can allow an for an...
Critical | Unreviewed | CVE-2023-5074 was published Sep 20, 2023

An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote attacker to execute arbitrary...
Critical | Unreviewed | CVE-2023-42336 was published Sep 16, 2023