GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,645
Composer 4,233
Erlang 31
GitHub Actions 20
Go 1,992
Maven 5,179
npm 3,709
NuGet 661
pip 3,346
Pub 11
RubyGems 884
Rust 846
Swift 36

Unreviewed advisories

All unreviewed 235,004

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

160 advisories

Filter by severity

Sort by

Least recently updated

An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. PKI... Moderate Unreviewed

CVE-2020-25256 was published May 24, 2022

In projectworlds Online Book Store 1.0 Use of Hard-coded Credentials in source code leads to... Moderate Unreviewed

CVE-2020-24115 was published May 24, 2022

The client (aka GalaxyClientService.exe) in GOG GALAXY 2.0.19 allows local privilege escalation... Moderate Unreviewed

CVE-2020-24574 was published May 24, 2022

This vulnerability allows remote attackers to disclose sensitive information on affected... Moderate Unreviewed

CVE-2020-10919 was published May 24, 2022

The NetApp HCI H610S Baseboard Management Controller (BMC) is shipped with a documented default... Moderate Unreviewed

CVE-2020-8573 was published May 24, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account... Moderate Unreviewed

CVE-2020-15318 was published May 24, 2022

Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in... Moderate Unreviewed

CVE-2020-9289 was published May 24, 2022

A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo Designer Basic (V1.1... Moderate Unreviewed

CVE-2020-7501 was published May 24, 2022

An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by... Moderate Unreviewed

CVE-2020-13414 was published May 24, 2022

An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.42. A bundled script... Moderate Unreviewed

CVE-2020-10996 was published May 24, 2022

airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash of 0123425234234fsdfsdr3242... Moderate Unreviewed

CVE-2020-11876 was published May 24, 2022

IBM QRadar 7.3.0 to 7.3.3 Patch 2 contains hard-coded credentials, such as a password or... Moderate Unreviewed

CVE-2020-4269 was published May 24, 2022

This vulnerability allows network-adjacent attackers execute arbitrary code on affected... Moderate Unreviewed

CVE-2020-10884 was published May 24, 2022

The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the... Moderate Unreviewed

CVE-2019-5137 was published May 24, 2022

An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded... Moderate Unreviewed

CVE-2020-8657 was published May 24, 2022

In IXP EasyInstall 6.2.13723, there are cleartext credentials in network communication on TCP... Moderate Unreviewed

CVE-2019-19898 was published May 24, 2022

Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup... Moderate Unreviewed

CVE-2019-6693 was published May 24, 2022

Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow... Moderate Unreviewed

CVE-2018-9195 was published May 24, 2022

Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a... Moderate Unreviewed

CVE-2019-10990 was published May 24, 2022

Dynacolor FCM-MB40 v1.2.0.0 devices have a hard-coded SSL/TLS key that is used during an... Moderate Unreviewed

CVE-2019-13399 was published May 24, 2022

The ABB HMI components implement hidden administrative accounts that are used during the... Moderate Unreviewed

CVE-2019-7225 was published May 24, 2022

Use of a hard-coded encryption key in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager... Moderate Unreviewed

CVE-2019-12376 was published May 24, 2022

VVX products using UCS software version 5.8.0 and earlier with Better Together over Ethernet... Moderate Unreviewed

CVE-2019-10688 was published May 24, 2022

A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage... Moderate Unreviewed

CVE-2021-42849 was published May 19, 2022

auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and passwords for the (1) test, ... Moderate Unreviewed

CVE-2010-2073 was published May 17, 2022

Previous 1 2 3 4 5 6 7 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

160 advisories