Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+

174 advisories

Loading
Use of default credentials vulnerability in MR-GM2 firmware Ver. 3.00.03 and earlier, and MR-GM3 ... Moderate Unreviewed
CVE-2023-45194 was published Oct 11, 2023
Microweber uses hard coded credentials Moderate
CVE-2023-5318 was published for microweber/microweber (Composer) Sep 30, 2023
Hard-coded credentials in Juplink RX4-1500 versions V1.0.2 through V1.0.5 allow unauthenticated... Moderate Unreviewed
CVE-2023-41030 was published Sep 18, 2023
Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which... Moderate Unreviewed
CVE-2023-27169 was published Sep 12, 2023
A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may... Moderate Unreviewed
CVE-2023-39982 was published Sep 2, 2023
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models... Moderate Unreviewed
CVE-2022-3744 was published Aug 23, 2023
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded... Moderate Unreviewed
CVE-2023-3262 was published Aug 14, 2023
Use of hard-coded credentials in some Intel(R) Unison(TM) software before version 10.12 may allow... Moderate Unreviewed
CVE-2022-44612 was published Aug 11, 2023
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated,... Moderate Unreviewed
CVE-2023-37858 was published Aug 9, 2023
Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a cryptographic vulnerability that... Moderate Unreviewed
CVE-2023-35763 was published Jul 18, 2023
"NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4... Moderate Unreviewed
CVE-2023-28387 was published Jun 30, 2023
A security vulnerability in HPE Insight Remote Support may result in the local disclosure of... Moderate Unreviewed
CVE-2023-30904 was published Jun 16, 2023
A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects... Moderate Unreviewed
CVE-2023-3237 was published Jun 14, 2023
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050... Moderate Unreviewed
CVE-2023-33920 was published Jun 13, 2023
JINS MEME CORE Firmware version 2.2.0 and earlier uses a hard-coded cryptographic key, which may... Moderate Unreviewed
CVE-2023-27921 was published May 23, 2023
Update share links to use FRP instead of SSH tunneling Moderate
CVE-2023-25823 was published for gradio (pip) Feb 23, 2023
gregsadetsky samueltc
A vulnerability was found in Deye/Revolt/Bosswerk Inverter MW3_15U_5406_1.47/MW3_15U_5406_1.471.... Moderate Unreviewed
CVE-2023-0808 was published Feb 13, 2023
PowerPath Management Appliance with versions 3.3 & 3.2* contains a Hardcoded Cryptographic Keys... Moderate Unreviewed
CVE-2022-34449 was published Feb 11, 2023
Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs ... Moderate Unreviewed
CVE-2022-34386 was published Feb 11, 2023
Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows... Moderate Unreviewed
CVE-2023-21426 was published Feb 9, 2023
Hardcoded credential is found in affected products' message queue. An attacker that manages to... Moderate Unreviewed
CVE-2022-3928 was published Jan 6, 2023
A vulnerability, which was classified as problematic, was found in Click Studios Passwordstate... Moderate Unreviewed
CVE-2022-4611 was published Dec 19, 2022
Use of hard-coded credentials vulnerability in multiple Buffalo network devices allows a network... Moderate Unreviewed
CVE-2022-34840 was published Dec 7, 2022
In the Kaden PICOFLUX AiR water meter an adversary can read the values through wireless M-Bus... Moderate Unreviewed
CVE-2021-34577 was published Nov 9, 2022
The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptographic keys when... Moderate Unreviewed
CVE-2022-41540 was published Oct 18, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database