Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

520 advisories

Loading
Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and... Critical Unreviewed
CVE-2023-33371 was published Aug 3, 2023
JBL soundbar multibeam 5.1 - CWE-798: Use of Hard-coded Credentials Critical Unreviewed
CVE-2023-37215 was published Jul 30, 2023
Synel SYnergy Fingerprint Terminals - CWE-798: Use of Hard-coded Credentials Critical Unreviewed
CVE-2023-32227 was published Jul 30, 2023
TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Use of a Hard-coded Password (PIN):... Critical Unreviewed
CVE-2023-33744 was published Jul 27, 2023
Galaxy Software Services Vitals ESP is vulnerable to using a hard-coded encryption key. An... Critical Unreviewed
CVE-2023-37291 was published Jul 21, 2023
SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated... Critical Unreviewed
CVE-2023-37287 was published Jul 10, 2023
SmartSoft SmartBPM.NET has a vulnerability of using hard-coded machine key. An unauthenticated... Critical Unreviewed
CVE-2023-37286 was published Jul 10, 2023
PiiGAB M-Bus contains hard-coded credentials which it uses for authentication. Critical Unreviewed
CVE-2023-35987 was published Jul 7, 2023
Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious... Critical Unreviewed
CVE-2023-2158 was published Jul 6, 2023
Electra Central AC unit – Hardcoded Credentials in unspecified code used by the unit. Critical Unreviewed
CVE-2023-24501 was published Jul 6, 2023
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2... Critical Unreviewed
CVE-2022-45444 was published Jul 6, 2023
AMI SPx contains a vulnerability in the BMC where an Attacker may cause a use of hard-coded... Critical Unreviewed
CVE-2023-34338 was published Jul 5, 2023
Advantech R-SeeNet versions 2.4.22 is installed with a hidden root-level user that is not... Critical Unreviewed
CVE-2023-2611 was published Jun 22, 2023
Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote... Critical Unreviewed
CVE-2022-4333 was published Jun 1, 2023
Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below... Critical Unreviewed
CVE-2023-33778 was published Jun 1, 2023
Files present on firmware images could allow an attacker to gain unauthorized access as a... Critical Unreviewed
CVE-2023-2504 was published May 23, 2023
Snap One OvrC Pro versions prior to 7.2 have their own locally... Critical Unreviewed
CVE-2023-31240 was published May 22, 2023
MXsecurity version 1.0 is vulnearble to hardcoded credential vulnerability. This vulnerability... Critical Unreviewed
CVE-2023-33236 was published May 22, 2023
Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard... Critical Unreviewed
CVE-2023-30352 was published May 10, 2023
European Chemicals Agency IUCLID 6.x before 6.27.6 allows authentication bypass because a weak... Critical Unreviewed
CVE-2023-26089 was published May 2, 2023
Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user... Critical Unreviewed
CVE-2022-41400 was published Apr 28, 2023
The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard... Critical Unreviewed
CVE-2022-41397 was published Apr 28, 2023
An issue was discovered in Fighting Cock Information System 1.0, which uses default credentials,... Critical Unreviewed
CVE-2022-39989 was published Apr 26, 2023
The listed versions of Nexx Smart Home devices use hard-coded credentials. An attacker with... Critical Unreviewed
CVE-2023-1748 was published Apr 4, 2023
Osprey Pump Controller version 1.01 has a hidden administrative account that has the hardcoded... Critical Unreviewed
CVE-2023-28654 was published Mar 28, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database