GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,154 advisories
The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted...
High | Unreviewed | CVE-2017-5230 was published May 17, 2022

LinkPlay Sound Bar v1.0 allows attackers to escalate privileges via a hardcoded password for the...
Critical | Unreviewed | CVE-2022-28605 was published Jun 3, 2022

MEDHOST Document Management System contains hard-coded credentials that are used for customer...
Critical | Unreviewed | CVE-2017-11693 was published May 17, 2022

MEDHOST Connex contains a hard-coded Mirth Connect admin credential that is used for customer...
Critical | Unreviewed | CVE-2017-11743 was published May 17, 2022

VMware Photon OS OVA 1.0 before 2016-08-14 has a default SSH public key in an authorized_keys...
Critical | Unreviewed | CVE-2016-5333 was published May 17, 2022

The software contains a hard-coded password it uses for its own inbound authentication or for...
High | Unreviewed | CVE-2021-27438 was published May 24, 2022

An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES...
High | Unreviewed | CVE-2022-25806 was published Jun 10, 2022

USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered to contain hard-coded...
Critical | Unreviewed | CVE-2022-29730 was published Jun 3, 2022

The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows...
High | Unreviewed | CVE-2020-7352 was published May 24, 2022

A vulnerability was found in Telecommunication Software SAMwin Contact Center Suite 5.1. It has...
Critical | Unreviewed | CVE-2013-10002 was published May 25, 2022

An attacker can gain full access (read/write/delete) to sensitive folders due to hard-coded...
Critical | Unreviewed | CVE-2021-33016 was published May 27, 2022

An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. PKI...
Moderate | Unreviewed | CVE-2020-25256 was published May 24, 2022

An attacker can gain VxWorks Shell after login due to hard-coded credentials on a KUKA KR C4...
High | Unreviewed | CVE-2021-33014 was published May 27, 2022

SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and...
Critical | Unreviewed | CVE-2020-13963 was published May 24, 2022

Undocumented Default Cryptographic Key Vulnerability in Cohesity DataPlatform version 6.3 prior 6...
Critical | Unreviewed | CVE-2021-28123 was published May 24, 2022

Sanitization Management System v1.0 was discovered to contain hardcoded credentials which allows...
Critical | Unreviewed | CVE-2022-44096 was published Nov 30, 2022

An exploitable vulnerability exists in the Wi-Fi Access Point feature of the Roav A1 Dashcam...
High | Unreviewed | CVE-2018-4017 was published May 24, 2022

Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the ...
Critical | Unreviewed | CVE-2019-5021 was published May 24, 2022

IBM QRadar 7.3.0 to 7.3.3 Patch 2 contains hard-coded credentials, such as a password or...
Moderate | Unreviewed | CVE-2020-4269 was published May 24, 2022

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 contains hard-coded credentials, such as a...
Critical | Unreviewed | CVE-2020-4854 was published May 24, 2022

Book Store Management System v1.0 was discovered to contain hardcoded credentials which allows...
Critical | Unreviewed | CVE-2022-44097 was published Nov 30, 2022

A specific file on the sERP server of Kyungrinara (ERP solution) has a fixed password with the...
Critical | Unreviewed | CVE-2022-41157 was published Nov 25, 2022

An exploitable unsafe default configuration vulnerability exists in the TURN server function of...
Critical | Unreviewed | CVE-2018-4059 was published May 13, 2022

Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle ...
High | Unreviewed | CVE-2021-4228 was published Oct 24, 2022

ASUS WebStorage has a hardcoded API Token in the APP source code. An unauthenticated remote...
High | Unreviewed | CVE-2022-26672 was published Apr 23, 2022