GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,198
Composer 4,096
Erlang 29
GitHub Actions 19
Go 1,925
Maven 5,116
npm 3,654
NuGet 638
pip 3,263
Pub 10
RubyGems 873
Rust 823
Swift 35

Unreviewed advisories

All unreviewed 229,269

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

533 advisories

Filter by severity

Sort by

Least recently updated

A hard-coded password vulnerability exists in the libcommonprod.so prod_change_root_passwd... Critical Unreviewed

CVE-2022-22144 was published Aug 6, 2022

TOTOLINK A3002RU V3.0.0-B20220304.1804 has a hardcoded password for root in /etc/shadow.sample. Critical Unreviewed

CVE-2022-35491 was published Aug 11, 2022

Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports,... Critical Unreviewed

CVE-2022-1400 was published Aug 18, 2022

Use of Hard-coded Credentials in AgileConfig.Client Critical

CVE-2022-35540 was published for AgileConfig.Client (NuGet) Aug 19, 2022

Trendnet TEW733GR v1.03B01 contains a Static Default Credential vulnerability in /etc/init0.d... Critical Unreviewed

CVE-2022-38556 was published Aug 29, 2022

D-Link DIR845L v1.00-v1.03 contains a Static Default Credential vulnerability in /etc/init0.d... Critical Unreviewed

CVE-2022-38557 was published Aug 29, 2022

Seiko SkyBridge MB-A100/A110 v4.2.0 and below implements a hard-coded passcode for the root... Critical Unreviewed

CVE-2022-36558 was published Aug 30, 2022

Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain multiple hard-coded... Critical Unreviewed

CVE-2022-36560 was published Aug 30, 2022

Le-yan Personnel and Salary Management System has hard-coded database account and password within... Critical Unreviewed

CVE-2022-38116 was published Aug 31, 2022

Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056,... Critical Unreviewed

CVE-2022-30318 was published Sep 1, 2022

Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config... Critical Unreviewed

CVE-2022-36672 was published Sep 2, 2022

In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the shadow.sample file, root is... Critical Unreviewed

CVE-2022-40111 was published Sep 7, 2022

Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions... Critical Unreviewed

CVE-2022-38394 was published Sep 9, 2022

WAPPLES through 6.0 has a hardcoded systemi account accessible via db/wp.no1 (as configured in... Critical Unreviewed

CVE-2022-35413 was published Sep 14, 2022

Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to... Critical Unreviewed

CVE-2022-3214 was published Sep 17, 2022

In TOTOLINK T6 V4.1.5cu.709_B20210518, there is a hard coded password for root in /etc/shadow... Critical Unreviewed

CVE-2022-38823 was published Sep 17, 2022

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote,... Critical Unreviewed

CVE-2022-22522 was published Sep 29, 2022

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote,... Critical Unreviewed

CVE-2022-28812 was published Sep 29, 2022

go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key. Critical Unreviewed

CVE-2022-42980 was published Oct 17, 2022

A hard-coded password vulnerability exists in the telnet functionality of Abode Systems, Inc.... Critical Unreviewed

CVE-2022-29889 was published Oct 25, 2022

An authentication bypass vulnerability exists in the web interface /action/factory* functionality... Critical Unreviewed

CVE-2022-29477 was published Oct 25, 2022

A flaw in the Zyxel LTE3301-M209 firmware verisons prior to V1.00(ABLG.6)C0 could allow a remote... Critical Unreviewed

CVE-2022-40602 was published Nov 22, 2022

Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions... Critical Unreviewed

CVE-2022-29830 was published Nov 25, 2022

A specific file on the sERP server if Kyungrinara(ERP solution) has a fixed password with the... Critical Unreviewed

CVE-2022-41157 was published Nov 25, 2022

Sanitization Management System v1.0 was discovered to contain hardcoded credentials which allows... Critical Unreviewed

CVE-2022-44096 was published Nov 30, 2022

Previous 1 2 … 14 15 16 17 18 … 21 22 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

533 advisories