GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
552 advisories
Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain multiple hard-coded...
Critical | Unreviewed | CVE-2022-36560 was published Aug 30, 2022

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 use default credentials...
Critical | Unreviewed | CVE-2019-3939 was published May 24, 2022

Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions...
Critical | Unreviewed | CVE-2022-38394 was published Sep 9, 2022

An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. There is a default password of...
Critical | Unreviewed | CVE-2009-5154 was published May 2, 2022

IBM Spectrum Virtualize 8.2, 8.3, and 8.4 could allow an attacker to allow unauthorized access...
Critical | Unreviewed | CVE-2021-38969 was published May 12, 2022

TOTOLINK A3002RU V3.0.0-B20220304.1804 has a hardcoded password for root in /etc/shadow.sample.
Critical | Unreviewed | CVE-2022-35491 was published Aug 11, 2022

Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3...
Critical | Unreviewed | CVE-2017-7574 was published May 13, 2022

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions...
Critical | Unreviewed | CVE-2018-7229 was published May 13, 2022

DragonWave Horizon 1.01.03 wireless radios have hardcoded login credentials (such as the username...
Critical | Unreviewed | CVE-2017-7576 was published May 13, 2022

EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R for SAS Solution Packs (EMC ViPR SRM prior to...
Critical | Unreviewed | CVE-2017-8011 was published May 13, 2022

When aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server....
Critical | Unreviewed | CVE-2022-38337 was published Dec 6, 2022

Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have...
Critical | Unreviewed | CVE-2016-10307 was published May 13, 2022

iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an...
Critical | Unreviewed | CVE-2017-6558 was published May 13, 2022

atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin...
Critical | Unreviewed | CVE-2018-18007 was published May 13, 2022

D-Link DIR-620 devices, with a certain Rostelekom variant of firmware 1.0.37, have a hardcoded...
Critical | Unreviewed | CVE-2018-6210 was published May 13, 2022

dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to...
Critical | Unreviewed | CVE-2018-18009 was published May 13, 2022

MaLion for Windows and Mac versions 3.2.1 to 5.2.1 uses a hardcoded cryptographic key which may...
Critical | Unreviewed | CVE-2017-10818 was published May 13, 2022

General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5...
Critical | Unreviewed | CVE-2016-2310 was published May 13, 2022

Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= 3.2.0, Giga <= 2.6.1, GigaLynx...
Critical | Unreviewed | CVE-2016-10305 was published May 13, 2022

An issue was discovered on the D-Link DWR-932B router. Undocumented TELNET and SSH services...
Critical | Unreviewed | CVE-2016-10177 was published May 13, 2022

Hard-coded credentials in AmosConnect 8 allow remote attackers to gain full administrative...
Critical | Unreviewed | CVE-2017-3222 was published May 13, 2022

A vulnerability in the Cisco Common Services Platform Collector (CSPC) could allow an...
Critical | Unreviewed | CVE-2019-1723 was published May 13, 2022

An issue was discovered in the MBeans Server in Wowza Streaming Engine before 4.7.1. The file...
Critical | Unreviewed | CVE-2018-7047 was published May 13, 2022

The trove service user in (1) Openstack deployment (aka crowbar-openstack) and (2) Trove Barclamp...
Critical | Unreviewed | CVE-2016-6829 was published May 13, 2022

A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated,...
Critical | Unreviewed | CVE-2018-15439 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API.