GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,927
Composer 4,272
Erlang 31
GitHub Actions 21
Go 2,047
Maven 5,232
npm 3,739
NuGet 668
pip 3,415
Pub 12
RubyGems 891
Rust 868
Swift 36

Unreviewed advisories

All unreviewed 238,414

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

552 advisories

Filter by severity

Sort by

Least recently updated

Use of a hard-coded password for a database administrator account created during Wapro ERP... Critical Unreviewed

CVE-2024-4996 was published Dec 18, 2024

ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardcoded key for symmetric... Critical Unreviewed

CVE-2024-55557 was published Dec 16, 2024

Snap One OvrC Pro versions prior to 7.2 have their own locally... Critical Unreviewed

CVE-2023-31240 was published May 22, 2023

Ubiquiti U6-LR 6.6.65 was discovered to contain a hardcoded password vulnerability in /etc/shadow... Critical Unreviewed

CVE-2024-54750 was published Dec 6, 2024

Ever Traduora 0.20.0 and below is vulnerable to Privilege Escalation due to the use of a hard... Critical Unreviewed

CVE-2024-53484 was published Dec 2, 2024

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials,... Critical Unreviewed

CVE-2024-49805 was published Nov 29, 2024

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials,... Critical Unreviewed

CVE-2024-49806 was published Nov 29, 2024

The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability,... Critical Unreviewed

CVE-2024-28987 was published Aug 22, 2024

There are several hidden accounts. Some of them are intended for maintenance engineers, and with... Critical Unreviewed

CVE-2024-35244 was published Nov 26, 2024

API keys for some cloud services are hardcoded in the "main" binary. As for the details of... Critical Unreviewed

CVE-2024-36248 was published Nov 26, 2024

Allegra Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows... Critical Unreviewed

CVE-2023-51638 was published Nov 22, 2024

The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is... Critical Unreviewed

CVE-2024-42450 was published Nov 19, 2024

EverShop at risk to unauthorized access via weak HMAC secret Critical

CVE-2023-46943 was published for @evershop/evershop (npm) Jan 13, 2024

The Clinician Password and Serial Number Clinician Password are hard-coded into the ventilator in... Critical Unreviewed

CVE-2024-48971 was published Nov 15, 2024

VM images built with Image Builder and Proxmox provider use default credentials in github.com/kubernetes-sigs/image-builder Critical

CVE-2024-9486 was published for github.com/kubernetes-sigs/image-builder (Go) Oct 15, 2024

LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily... Critical Unreviewed

CVE-2024-51431 was published Nov 1, 2024

A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100,... Critical Unreviewed

CVE-2024-20412 was published Oct 23, 2024

IBM Flexible Service Processor (FSP) FW860.00 through FW860.B3, FW950.00 through FW950.C0, FW1030... Critical Unreviewed

CVE-2024-45656 was published Oct 29, 2024

Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption key in the firmware update... Critical Unreviewed

CVE-2024-48539 was published Oct 24, 2024

First Corporation's DVRs use a hard-coded password, which may allow a remote unauthenticated... Critical Unreviewed

CVE-2023-47213 was published Nov 16, 2023

A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain... Critical Unreviewed

CVE-2024-10025 was published Oct 17, 2024

The devices contain two hard coded user accounts with hardcoded passwords that allow an... Critical Unreviewed

CVE-2024-45275 was published Oct 15, 2024

Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard... Critical Unreviewed

CVE-2023-48392 was published Dec 15, 2023

Galaxy Software Services Vitals ESP is vulnerable to using a hard-coded encryption key. An... Critical Unreviewed

CVE-2023-37291 was published Jul 21, 2023

The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user... Critical Unreviewed

CVE-2024-43423 was published Sep 25, 2024

Previous 1 2 3 4 5 … 22 23 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

552 advisories