GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
417 advisories
Improper physical access control and use of hard-coded credentials in /etc/passwd permits an...
High | Unreviewed | CVE-2022-25213 was published Mar 11, 2022

Use of a hard-coded cryptographic key pair by the telnetd_startup service allows an attacker on...
High | Unreviewed | CVE-2022-25217 was published Mar 11, 2022

Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) uses hard-coded...
High | Unreviewed | CVE-2022-25246 was published Mar 17, 2022

RunAsSpc 4.0 uses a universal and recoverable encryption key. In possession of a file encrypted...
High | Unreviewed | CVE-2022-26660 was published Mar 17, 2022

In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official...
High | Unreviewed | CVE-2021-46008 was published Apr 1, 2022

A use of hard-coded cryptographic key vulnerability [CWE-321] in the registration mechanism of...
High | Unreviewed | CVE-2022-23440 was published Apr 7, 2022

Taiwan Secom Dr.ID Access Control system’s login page has a hard-coded credential in the source...
High | Unreviewed | CVE-2022-26671 was published Apr 8, 2022

A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance...
High | Unreviewed | CVE-2022-20773 was published Apr 22, 2022

ASUS WebStorage has a hardcoded API Token in the APP source code. An unauthenticated remote...
High | Unreviewed | CVE-2022-26672 was published Apr 23, 2022

Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle ...
High | Unreviewed | CVE-2021-4228 was published Oct 24, 2022

An exploitable vulnerability exists in the Wi-Fi Access Point feature of the Roav A1 Dashcam...
High | Unreviewed | CVE-2018-4017 was published May 24, 2022

An attacker can gain VxWorks Shell after login due to hard-coded credentials on a KUKA KR C4...
High | Unreviewed | CVE-2021-33014 was published May 27, 2022

The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows...
High | Unreviewed | CVE-2020-7352 was published May 24, 2022

An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES...
High | Unreviewed | CVE-2022-25806 was published Jun 10, 2022

The software contains a hard-coded password it uses for its own inbound authentication or for...
High | Unreviewed | CVE-2021-27438 was published May 24, 2022

The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted...
High | Unreviewed | CVE-2017-5230 was published May 17, 2022

WN-AX1167GR firmware version 3.00 and earlier uses hardcoded credentials which may allow an...
High | Unreviewed | CVE-2017-2280 was published May 17, 2022

Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device via a backdoor password ...
High | Unreviewed | CVE-2022-31462 was published Jun 3, 2022

WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an...
High | Unreviewed | CVE-2017-2283 was published May 17, 2022

Owl Labs Meeting Owl 5.2.0.15 allows attackers to activate Tethering Mode with hard-coded...
High | Unreviewed | CVE-2022-31460 was published Jun 3, 2022

MapGIS IGServer 10.5.6.11 is vulnerable to Arbitrary file deletion.
High | Unreviewed | CVE-2022-36171 was published Aug 20, 2022

Multiple vulnerabilities in the web-based management interface of Cisco Business Process...
High | Unreviewed | CVE-2021-1574 was published May 24, 2022

A vulnerability has been identified in Spectrum Power 4 (All versions using Shared HIS), Spectrum...
High | Unreviewed | CVE-2022-26476 was published Jun 15, 2022

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a...
High | Unreviewed | CVE-2017-9488 was published May 17, 2022

Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller...
High | Unreviewed | CVE-2022-30997 was published Jun 29, 2022