GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
47 advisories
Filter by severity
The weak password on the web user interface can be exploited via HTTP or HTTPS. Once such access...
Critical
Unreviewed
CVE-2022-1039
was published
Apr 21, 2022
Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak password at the Operating...
Critical
Unreviewed
CVE-2020-26201
was published
May 24, 2022
Weak Password Requirements in GitHub repository kromitgmbh/titra prior to 0.78.1.
Critical
Unreviewed
CVE-2022-2098
was published
Jun 17, 2022
Weak default root user credentials allow remote attackers to easily obtain OS superuser...
Critical
Unreviewed
CVE-2022-1668
was published
Jun 25, 2022
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank root password for TELNET...
Critical
Unreviewed
CVE-2022-31211
was published
Jul 18, 2022
Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20181130-16:12) has a Weak...
Critical
Unreviewed
CVE-2022-44236
was published
Dec 15, 2022
Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain...
Critical
Unreviewed
CVE-2022-34615
was published
Aug 20, 2022
Weak Password Requirements in GitHub repository polonel/trudesk prior to 1.2.2.
Critical
Unreviewed
CVE-2022-1775
was published
May 21, 2022
RuoYi v3.8.3 has a Weak password vulnerability in the management system.
Critical
Unreviewed
CVE-2022-37158
was published
Aug 26, 2022
Versions of the Official teamspeak Docker images through 3.6.0 contain a blank password for the...
Critical
Unreviewed
CVE-2020-29590
was published
May 24, 2022
Versions of the Official registry Docker images through 2.7.0 contain a blank password for the...
Critical
Unreviewed
CVE-2020-29591
was published
May 24, 2022
A weak password requirement vulnerability exists in the Create New User function of MintHCM...
Critical
Unreviewed
CVE-2021-25839
was published
May 24, 2022
An access control vulnerability in Hame SD1 Wi-Fi firmware <=V.20140224154640 allows an attacker...
Critical
Unreviewed
CVE-2021-26797
was published
May 24, 2022
IBM Security Guardium 11.2 does not require that users should have strong passwords by default,...
Critical
Unreviewed
CVE-2021-20418
was published
May 24, 2022
ECOA BAS controller uses weak set of default administrative credentials that can be easily...
Critical
Unreviewed
CVE-2021-41296
was published
May 24, 2022
The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, and...
Critical
Unreviewed
CVE-2021-35498
was published
May 24, 2022
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 does not enforce an efficient...
Critical
Unreviewed
CVE-2021-38462
was published
May 24, 2022
Lazy Mouse server enforces weak password requirements and doesn't implement rate limiting,...
Critical
Unreviewed
CVE-2022-45482
was published
Dec 2, 2022
Weak Password Requirements in GitHub repository ikus060/minarca prior to 4.2.2.
Critical
Unreviewed
CVE-2022-3268
was published
Sep 23, 2022
Bminusl IHateToBudget v1.5.7 employs a weak password policy which allows attackers to potentially...
Critical
Unreviewed
CVE-2022-37163
was published
Sep 9, 2022
An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. /admin/access accepts a request to...
Critical
Unreviewed
CVE-2019-7674
was published
May 13, 2022
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. The "user" account has a blank...
Critical
Unreviewed
CVE-2019-9123
was published
May 13, 2022
Open Dental before version 18.4 installs a mysql database and uses the default credentials of ...
Critical
Unreviewed
CVE-2018-15719
was published
May 13, 2022
Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain...
Critical
Unreviewed
CVE-2022-37164
was published
Sep 9, 2022
A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and...
Critical
Unreviewed
CVE-2017-16727
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API