GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
552 advisories
REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa password that is hardcoded in...
Critical | Unreviewed | CVE-2021-33583 was published May 24, 2022

An information disclosure vulnerability exists in the WiFi Smart Mesh functionality of D-LINK DIR...
Critical | Unreviewed | CVE-2021-21913 was published May 24, 2022

IBM Security Guardium 11.3 contains hard-coded credentials, such as a password or cryptographic...
Critical | Unreviewed | CVE-2020-4690 was published May 24, 2022

An authentication bypass vulnerability exists in the web interface /action/factory* functionality...
Critical | Unreviewed | CVE-2022-29477 was published Oct 25, 2022

A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2...
Critical | Unreviewed | CVE-2021-38456 was published May 24, 2022

A hard-coded password vulnerability exists in the telnet functionality of Abode Systems, Inc....
Critical | Unreviewed | CVE-2022-29889 was published Oct 25, 2022

Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive...
Critical | Unreviewed | CVE-2021-34795 was published May 24, 2022

Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to...
Critical | Unreviewed | CVE-2022-3214 was published Sep 17, 2022

A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow...
Critical | Unreviewed | CVE-2021-40119 was published May 24, 2022

Airangel HSMX Gateway devices through 5.2.04 have Hard-coded Database Credentials.
Critical | Unreviewed | CVE-2021-40519 was published May 24, 2022

D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 BACKDOOR value, which...
Critical | Unreviewed | CVE-2017-11436 was published May 24, 2022

D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password, which allows remote...
Critical | Unreviewed | CVE-2017-15909 was published May 24, 2022

The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote...
Critical | Unreviewed | CVE-2021-32535 was published May 24, 2022

In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire...
Critical | Unreviewed | CVE-2020-25565 was published May 24, 2022

The same hard-coded password in QSAN Storage Manager's in the firmware allows remote attackers to...
Critical | Unreviewed | CVE-2021-32525 was published May 24, 2022

Hard-coded FTP credentials (r:r) are included in the Foscam C1 running firmware 1.9.1.12....
Critical | Unreviewed | CVE-2016-8731 was published May 13, 2022

Use of hard-coded cryptographic key vulnerability in QSAN Storage Manager allows attackers to...
Critical | Unreviewed | CVE-2021-32520 was published May 24, 2022

ECOA BAS controller is vulnerable to hard-coded credentials within its Linux distribution image,...
Critical | Unreviewed | CVE-2021-41299 was published May 24, 2022

An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless...
Critical | Unreviewed | CVE-2016-8717 was published May 13, 2022

Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports,...
Critical | Unreviewed | CVE-2022-1400 was published Aug 18, 2022

In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the shadow.sample file, root is...
Critical | Unreviewed | CVE-2022-40111 was published Sep 7, 2022

Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config...
Critical | Unreviewed | CVE-2022-36672 was published Sep 2, 2022

Mutiny 7.2.0-10788 suffers from Hardcoded root password.
Critical | Unreviewed | CVE-2022-37832 was published Dec 17, 2022

Seiko SkyBridge MB-A100/A110 v4.2.0 and below implements a hard-coded passcode for the root...
Critical | Unreviewed | CVE-2022-36558 was published Aug 30, 2022

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to...
Critical | Unreviewed | CVE-2019-3932 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.