Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

533 advisories

Loading
Easy!Appointments uses hard-coded credentials Critical
CVE-2023-1269 was published for alextselegidis/easyappointments (Composer) Mar 8, 2023
The Akuvox E11 secure shell (SSH) server is enabled by default and can be accessed by the root... Critical Unreviewed
CVE-2023-0345 was published Mar 13, 2023
A Hard Coded Admin Credentials issue in the Web-UI Admin Panel in Propius MachineSelector 6.6.0... Critical Unreviewed
CVE-2023-26511 was published Mar 14, 2023
Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows... Critical Unreviewed
CVE-2022-22512 was published Mar 23, 2023
Osprey Pump Controller version 1.01 has a hidden administrative account that has the hardcoded... Critical Unreviewed
CVE-2023-28654 was published Mar 28, 2023
The listed versions of Nexx Smart Home devices use hard-coded credentials. An attacker with... Critical Unreviewed
CVE-2023-1748 was published Apr 4, 2023
@nuxtlabs/github-module made Use of Hard-coded Credentials Critical
CVE-2023-2138 was published for @nuxtlabs/github-module (npm) Apr 18, 2023
An issue was discovered in Fighting Cock Information System 1.0, which uses default credentials,... Critical Unreviewed
CVE-2022-39989 was published Apr 26, 2023
Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user... Critical Unreviewed
CVE-2022-41400 was published Apr 28, 2023
The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard... Critical Unreviewed
CVE-2022-41397 was published Apr 28, 2023
European Chemicals Agency IUCLID 6.x before 6.27.6 allows authentication bypass because a weak... Critical Unreviewed
CVE-2023-26089 was published May 2, 2023
Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard... Critical Unreviewed
CVE-2023-30352 was published May 10, 2023
MXsecurity version 1.0 is vulnearble to hardcoded credential vulnerability. This vulnerability... Critical Unreviewed
CVE-2023-33236 was published May 22, 2023
Snap One OvrC Pro versions prior to 7.2 have their own locally... Critical Unreviewed
CVE-2023-31240 was published May 22, 2023
Files present on firmware images could allow an attacker to gain unauthorized access as a... Critical Unreviewed
CVE-2023-2504 was published May 23, 2023
Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote... Critical Unreviewed
CVE-2022-4333 was published Jun 1, 2023
Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below... Critical Unreviewed
CVE-2023-33778 was published Jun 1, 2023
Advantech R-SeeNet versions 2.4.22 is installed with a hidden root-level user that is not... Critical Unreviewed
CVE-2023-2611 was published Jun 22, 2023
AMI SPx contains a vulnerability in the BMC where an Attacker may cause a use of hard-coded... Critical Unreviewed
CVE-2023-34338 was published Jul 5, 2023
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2... Critical Unreviewed
CVE-2022-45444 was published Jul 6, 2023
Electra Central AC unit – Hardcoded Credentials in unspecified code used by the unit. Critical Unreviewed
CVE-2023-24501 was published Jul 6, 2023
Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious... Critical Unreviewed
CVE-2023-2158 was published Jul 6, 2023
PiiGAB M-Bus contains hard-coded credentials which it uses for authentication. Critical Unreviewed
CVE-2023-35987 was published Jul 7, 2023
SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated... Critical Unreviewed
CVE-2023-37287 was published Jul 10, 2023
SmartSoft SmartBPM.NET has a vulnerability of using hard-coded machine key. An unauthenticated... Critical Unreviewed
CVE-2023-37286 was published Jul 10, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database