Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

161 advisories

Loading
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. PKI... Moderate Unreviewed
CVE-2020-25256 was published May 24, 2022
In projectworlds Online Book Store 1.0 Use of Hard-coded Credentials in source code leads to... Moderate Unreviewed
CVE-2020-24115 was published May 24, 2022
The client (aka GalaxyClientService.exe) in GOG GALAXY 2.0.19 allows local privilege escalation... Moderate Unreviewed
CVE-2020-24574 was published May 24, 2022
This vulnerability allows remote attackers to disclose sensitive information on affected... Moderate Unreviewed
CVE-2020-10919 was published May 24, 2022
The NetApp HCI H610S Baseboard Management Controller (BMC) is shipped with a documented default... Moderate Unreviewed
CVE-2020-8573 was published May 24, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account... Moderate Unreviewed
CVE-2020-15318 was published May 24, 2022
Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in... Moderate Unreviewed
CVE-2020-9289 was published May 24, 2022
A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo Designer Basic (V1.1... Moderate Unreviewed
CVE-2020-7501 was published May 24, 2022
An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by... Moderate Unreviewed
CVE-2020-13414 was published May 24, 2022
An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.42. A bundled script... Moderate Unreviewed
CVE-2020-10996 was published May 24, 2022
airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash of 0123425234234fsdfsdr3242... Moderate Unreviewed
CVE-2020-11876 was published May 24, 2022
IBM QRadar 7.3.0 to 7.3.3 Patch 2 contains hard-coded credentials, such as a password or... Moderate Unreviewed
CVE-2020-4269 was published May 24, 2022
This vulnerability allows network-adjacent attackers execute arbitrary code on affected... Moderate Unreviewed
CVE-2020-10884 was published May 24, 2022
The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the... Moderate Unreviewed
CVE-2019-5137 was published May 24, 2022
An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded... Moderate Unreviewed
CVE-2020-8657 was published May 24, 2022
In IXP EasyInstall 6.2.13723, there are cleartext credentials in network communication on TCP... Moderate Unreviewed
CVE-2019-19898 was published May 24, 2022
Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup... Moderate Unreviewed
CVE-2019-6693 was published May 24, 2022
Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow... Moderate Unreviewed
CVE-2018-9195 was published May 24, 2022
Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a... Moderate Unreviewed
CVE-2019-10990 was published May 24, 2022
Dynacolor FCM-MB40 v1.2.0.0 devices have a hard-coded SSL/TLS key that is used during an... Moderate Unreviewed
CVE-2019-13399 was published May 24, 2022
The ABB HMI components implement hidden administrative accounts that are used during the... Moderate Unreviewed
CVE-2019-7225 was published May 24, 2022
Use of a hard-coded encryption key in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager... Moderate Unreviewed
CVE-2019-12376 was published May 24, 2022
VVX products using UCS software version 5.8.0 and earlier with Better Together over Ethernet... Moderate Unreviewed
CVE-2019-10688 was published May 24, 2022
A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage... Moderate Unreviewed
CVE-2021-42849 was published May 19, 2022
auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and passwords for the (1) test, ... Moderate Unreviewed
CVE-2010-2073 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database