Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+

433 advisories

Loading
Azure AI Search Information Disclosure Vulnerability High Unreviewed
CVE-2024-29063 was published Apr 9, 2024
A CWE-798 “Use of Hard-coded Credentials” vulnerability in the MariaDB database of the web... High Unreviewed
CVE-2023-5456 was published Mar 5, 2024
Use of Hard-coded Credentials vulnerability in Utarit Information Technologies SoliPay Mobile App... High Unreviewed
CVE-2023-6255 was published Feb 15, 2024
Use of a hard-coded password for a special database account created during Comarch ERP XL... High Unreviewed
CVE-2023-4539 was published Feb 15, 2024
CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access... High Unreviewed
CVE-2023-6409 was published Feb 14, 2024
Improper Input Validation in Hitron Systems DVR LGUVR-16H 1.02~4.02 allows an attacker to cause... High Unreviewed
CVE-2024-23842 was published Jan 23, 2024
Improper Input Validation in Hitron Systems DVR HVR-8781 1.03~4.02 allows an attacker to cause... High Unreviewed
CVE-2024-22769 was published Jan 23, 2024
Improper Input Validation in Hitron Systems DVR HVR-4781 1.03~4.02 allows an attacker to cause... High Unreviewed
CVE-2024-22768 was published Jan 23, 2024
Improper Input Validation in Hitron Systems DVR LGUVR-8H 1.02~4.02 allows an attacker to cause... High Unreviewed
CVE-2024-22772 was published Jan 23, 2024
Improper Input Validation in Hitron Systems DVR HVR-16781 1.03~4.02 allows an attacker to cause... High Unreviewed
CVE-2024-22770 was published Jan 23, 2024
Improper Input Validation in Hitron Systems DVR LGUVR-4H 1.02~4.02 allows an attacker to cause... High Unreviewed
CVE-2024-22771 was published Jan 23, 2024
Ubee DDW365 XCNDDW365 and DDW366 XCNDXW3WB devices have predictable default WPA2 PSKs that could... High Unreviewed
CVE-2024-23726 was published Jan 21, 2024
It is possible to download the configuration backup without authorization and decrypt included... High Unreviewed
CVE-2023-49256 was published Jan 12, 2024
The vulnerability allows a remote attacker to authenticate to the SSH service with root... High Unreviewed
CVE-2023-48251 was published Jan 10, 2024
The vulnerability allows a remote attacker to authenticate to the web application with high... High Unreviewed
CVE-2023-48250 was published Jan 10, 2024
An issue in Automatic Systems SOC FL9600 FastLine v.lego_T04E00 allows a remote attacker to... High Unreviewed
CVE-2023-37608 was published Jan 3, 2024
When installing the Net2 software a root certificate is installed into the trusted store. A... High Unreviewed
CVE-2023-43870 was published Dec 19, 2023
A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion... High Unreviewed
CVE-2023-36647 was published Dec 12, 2023
Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login... High Unreviewed
CVE-2023-36651 was published Dec 12, 2023
The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard... High Unreviewed
CVE-2023-33413 was published Dec 7, 2023
Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate... High Unreviewed
CVE-2023-40464 was published Dec 5, 2023
When configured in debugging mode by an authenticated user with administrative... High Unreviewed
CVE-2023-40463 was published Dec 5, 2023
Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT... High Unreviewed
CVE-2023-47315 was published Nov 22, 2023
SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. This... High Unreviewed
CVE-2023-48055 was published Nov 16, 2023
Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES... High Unreviewed
CVE-2023-48053 was published Nov 16, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database