Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

161 advisories

Loading
auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and passwords for the (1) test, ... Moderate Unreviewed
CVE-2010-2073 was published May 17, 2022
Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users... Moderate Unreviewed
CVE-2010-2772 was published May 17, 2022
A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless... Moderate Unreviewed
CVE-2017-12725 was published May 14, 2022
Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes a hardcoded encryption key... Moderate Unreviewed
CVE-2018-9073 was published May 14, 2022
Amcrest networked devices use the same hardcoded SSL private key across different customers'... Moderate Unreviewed
CVE-2018-16546 was published May 13, 2022
FusionSphere OpenStack V100R006C00 has an information exposure vulnerability. The software uses... Moderate Unreviewed
CVE-2017-2720 was published May 13, 2022
Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module ... Moderate Unreviewed
CVE-2014-5431 was published May 13, 2022
The ifmap service that comes bundled with Juniper Networks Contrail releases uses hard coded... Moderate Unreviewed
CVE-2017-10616 was published May 13, 2022
The Cisco AMP For Endpoints application allows an authenticated, local attacker to access a... Moderate Unreviewed
CVE-2017-12317 was published May 13, 2022
A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0,... Moderate Unreviewed
CVE-2017-12709 was published May 13, 2022
Boston Scientific ZOOM LATITUDE PRM Model 3120 uses a hard-coded cryptographic key to encrypt PHI... Moderate Unreviewed
CVE-2017-14014 was published May 13, 2022
IBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed vulnerability that could allow a... Moderate Unreviewed
CVE-2017-1787 was published May 13, 2022
A Use of Hard-Coded Password issue was discovered in Phoenix Broadband PowerAgent SC3 BMS, all... Moderate Unreviewed
CVE-2017-6039 was published May 13, 2022
A Use of Hard-Coded Cryptographic Key issue was discovered in Mirion Technologies DMC 3000... Moderate Unreviewed
CVE-2017-9649 was published May 13, 2022
All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an... Moderate Unreviewed
CVE-2018-17919 was published May 13, 2022
IBM QRadar SIEM 7.2 and 7.3 uses hard-coded credentials which could allow an attacker to bypass... Moderate Unreviewed
CVE-2018-1650 was published May 13, 2022
The Norton Identity Safe product prior to 5.3.0.976 may be susceptible to a privilege escalation... Moderate Unreviewed
CVE-2018-12240 was published May 13, 2022
A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP)... Moderate Unreviewed
CVE-2018-0329 was published May 13, 2022
Moxa EDR-G903 series routers with firmware before 2.11 have a hardcoded account, which allows... Moderate Unreviewed
CVE-2012-4712 was published May 13, 2022
An information disclosure vulnerability exists in the router configuration export functionality... Moderate Unreviewed
CVE-2022-26020 was published May 13, 2022
An Authentication vulnerability exists in D-LINK WCS-1100 1.02, TESCO DCS-2121 1.05_TESCO, TESCO... Moderate Unreviewed
CVE-2013-1603 was published May 5, 2022
manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key,... Moderate Unreviewed
CVE-2008-2369 was published May 1, 2022
The centralized management feature for Utimaco Safeguard stores hard-coded cryptographic keys in... Moderate Unreviewed
CVE-2006-7142 was published May 1, 2022
Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ("fixed") public and private SNMP... Moderate Unreviewed
CVE-2005-3803 was published May 1, 2022
The SNMP daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2... Moderate Unreviewed
CVE-2005-3716 was published May 1, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database