Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,517
Maven
5,000+
npm
4,150
NuGet
736
pip
3,952
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

1,291 advisories

Loading
Root user password is hardcoded into the device and cannot be changed in the user interface. Critical Unreviewed
CVE-2023-49253 was published Jan 12, 2024
Flient Smart Door Lock v1.0 is vulnerable to Use of Default Credentials. Due to default... Moderate Unreviewed
CVE-2023-50124 was published Jan 11, 2024
The vulnerability allows a remote attacker to authenticate to the SSH service with root... High Unreviewed
CVE-2023-48251 was published Jan 10, 2024
The vulnerability allows a remote attacker to authenticate to the web application with high... High Unreviewed
CVE-2023-48250 was published Jan 10, 2024
IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or... Moderate Unreviewed
CVE-2023-50948 was published Jan 8, 2024
An issue in Automatic Systems SOC FL9600 FastLine v.lego_T04E00 allows a remote attacker to... High Unreviewed
CVE-2023-37608 was published Jan 3, 2024
An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses... Moderate Unreviewed
CVE-2023-49228 was published Dec 28, 2023
Phlox com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus has an Android... Moderate Unreviewed
CVE-2023-46918 was published Dec 28, 2023
Phlox com.phlox.simpleserver (aka Simple HTTP Server) 1.8 and com.phlox.simpleserver.plus (aka... Moderate Unreviewed
CVE-2023-46919 was published Dec 27, 2023
VR-S1000 firmware Ver. 2.37 and earlier uses a hard-coded cryptographic key which may allow an... Moderate Unreviewed
CVE-2023-46711 was published Dec 26, 2023
In Pexip VMR self-service portal before 3, the same SSH host key is used across different... Moderate Unreviewed
CVE-2023-40236 was published Dec 25, 2023
IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or... Moderate Unreviewed
CVE-2023-47704 was published Dec 20, 2023
When installing the Net2 software a root certificate is installed into the trusted store. A... High Unreviewed
CVE-2023-43870 was published Dec 19, 2023
Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard... Critical Unreviewed
CVE-2023-48392 was published Dec 15, 2023
Multisuns EasyLog web+ has a vulnerability of using hard-coded credentials. An remote attacker... Critical Unreviewed
CVE-2023-48388 was published Dec 15, 2023
SmartStar Software CWS is a web-base integration platform, it has a vulnerability of using a hard... Moderate Unreviewed
CVE-2023-48374 was published Dec 15, 2023
Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for... Moderate Unreviewed
CVE-2023-43583 was published Dec 14, 2023
A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion... High Unreviewed
CVE-2023-36647 was published Dec 12, 2023
Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login... High Unreviewed
CVE-2023-36651 was published Dec 12, 2023
NETSCOUT nGeniusPULSE 3.8 has a Hardcoded Cryptographic Key. Critical Unreviewed
CVE-2023-40300 was published Dec 7, 2023
The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard... High Unreviewed
CVE-2023-33413 was published Dec 7, 2023
The affected devices use publicly available default credentials with administrative privileges. Critical Unreviewed
CVE-2023-39169 was published Dec 7, 2023
Unitronics Vision Series PLCs and HMIs use default administrative passwords. An unauthenticated... Critical Unreviewed
CVE-2023-6448 was published Dec 5, 2023
When configured in debugging mode by an authenticated user with administrative... High Unreviewed
CVE-2023-40463 was published Dec 5, 2023
Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate... High Unreviewed
CVE-2023-40464 was published Dec 5, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database