Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,154 advisories

Loading
luci-app-lucky v2.8.3 was discovered to contain hardcoded credentials. Critical Unreviewed
CVE-2024-39208 was published Jun 27, 2024
TOTOLINK CP300 V2.0.4-B20201102 was discovered to contain a hardcoded password vulnerability in ... Critical Unreviewed
CVE-2024-36782 was published Jun 3, 2024
'OfferBox' App for Android versions 2.0.0 to 2.3.17 and 'OfferBox' App for iOS versions 2.1.7 to... High Unreviewed
CVE-2024-32988 was published May 22, 2024
Sangoma FreePBX 1805 through 2203 on Linux contains hardcoded credentials for the Asterisk REST... High Unreviewed
CVE-2023-26566 was published May 14, 2024
An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to overwrite... Moderate Unreviewed
CVE-2024-22813 was published Apr 22, 2024
In KDE libksieve before 23.03.80, kmanagesieve/session.cpp places a cleartext password in server... High Unreviewed
CVE-2023-52723 was published Apr 29, 2024
Hardcoded credentials are discovered within the application's source code, creating a potential... Critical Unreviewed
CVE-2023-41919 was published Jul 2, 2024
Unitronics Vision Series PLCs and HMIs use default administrative passwords. An unauthenticated... Critical Unreviewed
CVE-2023-6448 was published Dec 5, 2023
A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP)... High Unreviewed
CVE-2024-5460 was published Jun 26, 2024
Use of Hard-coded Credentials vulnerability in Baicells Snap Router BaiCE_BMI on EP3011 (User... Critical Unreviewed
CVE-2023-6198 was published Jun 25, 2024
Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor.... High Unreviewed
CVE-2024-6045 was published Jun 17, 2024
Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive... Critical Unreviewed
CVE-2024-1228 was published Jun 10, 2024
Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive... Critical Unreviewed
CVE-2024-3699 was published Jun 10, 2024
Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive... Critical Unreviewed
CVE-2024-3700 was published Jun 10, 2024
CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege... High Unreviewed
CVE-2024-0865 was published Jun 12, 2024
Chirp Access improperly stores credentials within its source code, potentially exposing... Critical Unreviewed
CVE-2024-2197 was published Mar 20, 2024
Dell PowerScale OneFS versions 8.2.x through 9.8.0.x contain a use of hard coded credentials... High Unreviewed
CVE-2024-29170 was published Jun 4, 2024
A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4.83 (64-bit edition) with... Moderate Unreviewed
CVE-2021-41320 was published May 24, 2022
FlyteAdmin's Default OAuth Authorization Server secret must be rotated High
CVE-2022-39273 was published for github.com/flyteorg/flyteadmin (Go) Oct 5, 2022
Incorrect handling of credential expiry by /nats-io/nats-server Critical
CVE-2020-26892 was published for github.com/nats-io/jwt (Go) Feb 11, 2022
Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator (ePO) on Premise prior to 5... High Unreviewed
CVE-2024-4844 was published May 16, 2024
Hard-coded credentials are used by the  CyberPower PowerPanel platform to authenticate to the ... Critical Unreviewed
CVE-2024-32053 was published May 15, 2024
Weak account password in GE HealthCare EchoPAC products Critical Unreviewed
CVE-2024-27107 was published May 14, 2024
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device... Critical Unreviewed
CVE-2024-32740 was published May 14, 2024
The SolarWinds Access Rights Manager was found to contain a hard-coded credential authentication... High Unreviewed
CVE-2024-23473 was published May 14, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database