Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,653
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,128 advisories

Loading
Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 contains service credentials likely... High Unreviewed
CVE-2021-44464 was published Jan 22, 2022
Communication to the AMC2 uses a state-of-the-art cryptographic algorithm for symmetric... High Unreviewed
CVE-2021-23842 was published Jan 20, 2022
Jimoty App for Android versions prior to 3.7.42 uses a hard-coded API key for an external service... Low Unreviewed
CVE-2022-0131 was published Jan 18, 2022
The Le-yan dental management system contains a hard-coded credentials vulnerability in the web... Critical Unreviewed
CVE-2022-22056 was published Jan 15, 2022
Lack of administrator control over security vulnerability in MELSEC-F series FX3U-ENET Firmware... High Unreviewed
CVE-2021-20612 was published Jan 15, 2022
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions <... High Unreviewed
CVE-2021-45033 was published Jan 12, 2022
The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL -... High Unreviewed
CVE-2021-43052 was published Jan 12, 2022
QXIP SIPCAPTURE homer-app before 1.4.28 for HOMER 7.x has the same 167f0db2-f83e-4baa-9736... Critical Unreviewed
CVE-2022-22845 was published Jan 11, 2022
Use of Hard-coded Credentials in Apache Kylin High
CVE-2021-45458 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
ENC DataVault 7.1.1W uses an inappropriate encryption algorithm, such that an attacker (who does... Critical Unreviewed
CVE-2021-36751 was published Jan 3, 2022
Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 use default hard-coded... High Unreviewed
CVE-2021-20132 was published Dec 31, 2021
Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of hardcoded credentials. It is possible to... Critical Unreviewed
CVE-2021-20155 was published Dec 31, 2021
Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials. It does not appear that normal... High Unreviewed
CVE-2021-20170 was published Dec 31, 2021
Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded credential. It does not appear... High Unreviewed
CVE-2021-45732 was published Dec 31, 2021
Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials,... Moderate Unreviewed
CVE-2021-35232 was published Dec 28, 2021
IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) contains hard-coded credentials, such as a... High Unreviewed
CVE-2021-32993 was published Dec 28, 2021
Certain NETGEAR devices are affected by a hardcoded password. This affects RBK352 before 4.4.0.10... Moderate Unreviewed
CVE-2021-45521 was published Dec 27, 2021
Certain NETGEAR devices are affected by a hardcoded password. This affects RBK352 before 4.4.0.10... High Unreviewed
CVE-2021-45520 was published Dec 27, 2021
NETGEAR XR1000 devices before 1.0.0.58 are affected by a hardcoded password. High Unreviewed
CVE-2021-45522 was published Dec 27, 2021
Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials. High Unreviewed
CVE-2021-44207 was published Dec 22, 2021
A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS... High Unreviewed
CVE-2021-41028 was published Dec 17, 2021
A use of hard-coded cryptographic key vulnerability in the SSLVPN of FortiOS before 7.0.1 may... High Unreviewed
CVE-2021-26108 was published Dec 9, 2021
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The SNMP daemon was... Critical Unreviewed
CVE-2021-43044 was published Dec 7, 2021
An issue was discovered on Victure WR1200 devices through 1.0.3. The root SSH password never gets... High Unreviewed
CVE-2021-43284 was published Dec 1, 2021
An issue was discovered on Victure WR1200 devices through 1.0.3. The default Wi-Fi WPA2 key is... Moderate Unreviewed
CVE-2021-43282 was published Dec 1, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database