GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
552 advisories
Filter by severity
TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Use of a Hard-coded Password (PIN):...
Critical
Unreviewed
CVE-2023-33744
was published
Jul 27, 2023
Galaxy Software Services Vitals ESP is vulnerable to using a hard-coded encryption key. An...
Critical
Unreviewed
CVE-2023-37291
was published
Jul 21, 2023
SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated...
Critical
Unreviewed
CVE-2023-37287
was published
Jul 10, 2023
SmartSoft SmartBPM.NET has a vulnerability of using hard-coded machine key. An unauthenticated...
Critical
Unreviewed
CVE-2023-37286
was published
Jul 10, 2023
PiiGAB M-Bus contains hard-coded credentials which it uses for authentication.
Critical
Unreviewed
CVE-2023-35987
was published
Jul 7, 2023
Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious...
Critical
Unreviewed
CVE-2023-2158
was published
Jul 6, 2023
Electra Central AC unit – Hardcoded Credentials in unspecified code used by the unit.
Critical
Unreviewed
CVE-2023-24501
was published
Jul 6, 2023
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2...
Critical
Unreviewed
CVE-2022-45444
was published
Jul 6, 2023
AMI SPx contains a vulnerability in the BMC where an Attacker may cause a use of hard-coded...
Critical
Unreviewed
CVE-2023-34338
was published
Jul 5, 2023
Advantech R-SeeNet
versions 2.4.22
is installed with a hidden root-level user that is not...
Critical
Unreviewed
CVE-2023-2611
was published
Jun 22, 2023
Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote...
Critical
Unreviewed
CVE-2022-4333
was published
Jun 1, 2023
Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below...
Critical
Unreviewed
CVE-2023-33778
was published
Jun 1, 2023
Files present on firmware images could allow an attacker to gain unauthorized access as a...
Critical
Unreviewed
CVE-2023-2504
was published
May 23, 2023
Snap One OvrC Pro versions prior to 7.2 have their own locally...
Critical
Unreviewed
CVE-2023-31240
was published
May 22, 2023
MXsecurity version 1.0 is vulnearble to hardcoded credential vulnerability. This vulnerability...
Critical
Unreviewed
CVE-2023-33236
was published
May 22, 2023
Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard...
Critical
Unreviewed
CVE-2023-30352
was published
May 10, 2023
European Chemicals Agency IUCLID 6.x before 6.27.6 allows authentication bypass because a weak...
Critical
Unreviewed
CVE-2023-26089
was published
May 2, 2023
Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user...
Critical
Unreviewed
CVE-2022-41400
was published
Apr 28, 2023
The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard...
Critical
Unreviewed
CVE-2022-41397
was published
Apr 28, 2023
An issue was discovered in Fighting Cock Information System 1.0, which uses default credentials,...
Critical
Unreviewed
CVE-2022-39989
was published
Apr 26, 2023
@nuxtlabs/github-module made Use of Hard-coded Credentials
Critical
CVE-2023-2138
was published
for
@nuxtlabs/github-module
(npm)
Apr 18, 2023
The listed versions of Nexx Smart Home devices use hard-coded credentials. An attacker with...
Critical
Unreviewed
CVE-2023-1748
was published
Apr 4, 2023
Osprey Pump Controller version 1.01 has a hidden administrative account that has the hardcoded...
Critical
Unreviewed
CVE-2023-28654
was published
Mar 28, 2023
Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows...
Critical
Unreviewed
CVE-2022-22512
was published
Mar 23, 2023
A Hard Coded Admin Credentials issue in the Web-UI Admin Panel in Propius MachineSelector 6.6.0...
Critical
Unreviewed
CVE-2023-26511
was published
Mar 14, 2023
ProTip!
Advisories are also available from the
GraphQL API