Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+

426 advisories

Loading
A vulnerability in the configuration of a local database installed as part of the Cisco Energy... High Unreviewed
CVE-2018-0468 was published May 14, 2022
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application... High Unreviewed
CVE-2018-19065 was published May 14, 2022
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application... High Unreviewed
CVE-2018-19066 was published May 14, 2022
An issue was discovered in the MensaMax (aka com.breustedt.mensamax) application 4.3 for Android.... High Unreviewed
CVE-2018-15753 was published May 14, 2022
An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is a hardcoded... High Unreviewed
CVE-2018-17217 was published May 14, 2022
Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA... High Unreviewed
CVE-2018-0663 was published May 14, 2022
A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows... High Unreviewed
CVE-2018-13820 was published May 14, 2022
A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows... High Unreviewed
CVE-2018-13819 was published May 14, 2022
Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username (Gemtek) and password ... High Unreviewed
CVE-2010-1573 was published May 14, 2022
The IMM2 First Failure Data Capture function collects management module logs and diagnostic... High Unreviewed
CVE-2018-9068 was published May 14, 2022
Momentum Axel 720P 5.1.8 devices have a hardcoded password of streaming for the appagent account,... High Unreviewed
CVE-2018-10328 was published May 14, 2022
An issue was discovered on Momentum Axel 720P 5.1.8 devices. A password of EHLGVG is hard-coded... High Unreviewed
CVE-2018-12323 was published May 14, 2022
In Dedos-web 1.0, the cookie and session secrets used in the Express.js application have... High Unreviewed
CVE-2018-10813 was published May 14, 2022
An issue was discovered in GamerPolls 0.4.6, related to config/environments/all.js and config... High Unreviewed
CVE-2018-10966 was published May 14, 2022
The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5... High Unreviewed
CVE-2018-10167 was published May 14, 2022
Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and Dell EMC Data Protection... High Unreviewed
CVE-2018-1206 was published May 14, 2022
IBM Security Guardium Database Activity Monitor 10 allows local users to have unspecified impact... High Unreviewed
CVE-2016-0235 was published May 14, 2022
Dell EMC SupportAssist Enterprise version 1.1 creates a local Windows user account named ... High Unreviewed
CVE-2018-1214 was published May 14, 2022
A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless... High Unreviewed
CVE-2017-12724 was published May 14, 2022
A Use of Hard-coded Password issue was discovered in Smiths Medical Medfusion 4000 Wireless... High Unreviewed
CVE-2017-12726 was published May 14, 2022
EMC AppSync Server prior to 3.5.0.1 contains database accounts with hardcoded passwords that... High Unreviewed
CVE-2017-14376 was published May 17, 2022
An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software... High Unreviewed
CVE-2017-9956 was published May 17, 2022
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware... High Unreviewed
CVE-2017-14422 was published May 17, 2022
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG599 device, when IP Passthrough mode is not... High Unreviewed
CVE-2017-14116 was published May 17, 2022
The WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacturer account that has a... High Unreviewed
CVE-2017-6351 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database