GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
418 advisories
A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion...
High
Unreviewed
CVE-2023-36647
was published
Dec 12, 2023
The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard...
High
Unreviewed
CVE-2023-33413
was published
Dec 7, 2023
When installing the Net2 software a root certificate is installed into the trusted store. A...
High
Unreviewed
CVE-2023-43870
was published
Dec 19, 2023
Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login...
High
Unreviewed
CVE-2023-36651
was published
Dec 12, 2023
Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate...
High
Unreviewed
CVE-2023-40464
was published
Dec 5, 2023
When configured in debugging mode by an authenticated user with administrative...
High
Unreviewed
CVE-2023-40463
was published
Dec 5, 2023
SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. This...
High
Unreviewed
CVE-2023-48055
was published
Nov 16, 2023
Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT...
High
Unreviewed
CVE-2023-47315
was published
Nov 22, 2023
Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES...
High
Unreviewed
CVE-2023-48053
was published
Nov 16, 2023
Symmetric encryption used to protect messages between the AppsAnywhere server and client can be...
High
Unreviewed
CVE-2023-41137
was published
Nov 9, 2023
Dell ELab-Navigator, version 3.1.9 contains a hard-coded credential vulnerability. A local...
High
Unreviewed
CVE-2023-44296
was published
Nov 16, 2023
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated,...
High
Unreviewed
CVE-2023-37857
was published
Aug 9, 2023
The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk...
High
Unreviewed
CVE-2023-26219
was published
Oct 25, 2023
Dromara Lamp-Cloud Use of Hard-coded Cryptographic Key
High
CVE-2023-31579
was published
for
top.tangyh.basic:lamp-core
(Maven)
Nov 3, 2023
Netmaker has Hardcoded DNS Secret Key
High
CVE-2023-32077
was published
for
github.com/gravitl/netmaker
(Go)
Aug 25, 2023
The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker to...
High
Unreviewed
CVE-2023-46102
was published
Oct 25, 2023
The vulnerability allows an unprivileged (untrusted) third-party application to arbitrary modify...
High
Unreviewed
CVE-2023-41372
was published
Oct 25, 2023
Hard coded cryptographic key in Kiali
High
CVE-2020-1764
was published
for
github.com/kiali/kiali
(Go)
May 18, 2021
TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial...
High
Unreviewed
CVE-2019-13474
was published
May 24, 2022
TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial...
High
Unreviewed
CVE-2019-13473
was published
May 24, 2022
Lack of administrator control over security vulnerability in MELSEC-F series FX3U-ENET Firmware...
High
Unreviewed
CVE-2021-20612
was published
Jan 15, 2022
Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin account.
High
Unreviewed
CVE-2021-25863
was published
May 24, 2022
Use of Hard-coded Credentials in Apache Kylin
High
CVE-2021-45458
was published
for
org.apache.kylin:kylin
(Maven)
Jan 8, 2022
Common encryption key appears to be used across all deployed instances of Serv-U FTP Server....
High
Unreviewed
CVE-2021-35252
was published
Dec 20, 2022
Use of static encryption key material allows forging an authentication token to other users...
High
Unreviewed
CVE-2022-23724
was published
May 5, 2022