GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,327 advisories
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only...
High | Unreviewed | CVE-2021-41827 was published May 24, 2022

An information disclosure vulnerability exists in the WiFi Smart Mesh functionality of D-LINK DIR...
Critical | Unreviewed | CVE-2021-21913 was published May 24, 2022

IBM Security Guardium 11.3 contains hard-coded credentials, such as a password or cryptographic...
Critical | Unreviewed | CVE-2020-4690 was published May 24, 2022

Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials associated with...
High | Unreviewed | CVE-2021-41828 was published May 24, 2022

The affected product uses a hard-coded blowfish key for encryption/decryption processes. The key...
High | Unreviewed | CVE-2021-38461 was published May 24, 2022

A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2...
Critical | Unreviewed | CVE-2021-38456 was published May 24, 2022

An authentication bypass vulnerability exists in the web interface /action/factory* functionality...
Critical | Unreviewed | CVE-2022-29477 was published Oct 25, 2022

A hard-coded password vulnerability exists in the telnet functionality of Abode Systems, Inc....
Critical | Unreviewed | CVE-2022-29889 was published Oct 25, 2022

Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive...
Critical | Unreviewed | CVE-2021-34795 was published May 24, 2022

Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to...
Critical | Unreviewed | CVE-2022-3214 was published Sep 17, 2022

A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow...
Critical | Unreviewed | CVE-2021-40119 was published May 24, 2022

Airangel HSMX Gateway devices through 5.2.04 have Hard-coded Database Credentials.
Critical | Unreviewed | CVE-2021-40519 was published May 24, 2022

D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 BACKDOOR value, which...
Critical | Unreviewed | CVE-2017-11436 was published May 24, 2022

D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password, which allows remote...
Critical | Unreviewed | CVE-2017-15909 was published May 24, 2022

A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA...
High | Unreviewed | CVE-2022-29856 was published Apr 30, 2022

Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak...
High | Unreviewed | CVE-2020-15382 was published May 24, 2022

A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers (All versions...
Moderate | Unreviewed | CVE-2019-6859 was published May 24, 2022

The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known...
High | Unreviewed | CVE-2000-1139 was published Apr 30, 2022

The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote...
Critical | Unreviewed | CVE-2021-32535 was published May 24, 2022

In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire...
Critical | Unreviewed | CVE-2020-25565 was published May 24, 2022

In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, hard-coded credentials in the...
Moderate | Unreviewed | CVE-2020-27278 was published May 24, 2022

The same hard-coded password in QSAN Storage Manager's in the firmware allows remote attackers to...
Critical | Unreviewed | CVE-2021-32525 was published May 24, 2022

A hard-coded password vulnerability exists in the SFTP Log Collection Server function of Trend...
Moderate | Unreviewed | CVE-2021-32459 was published May 24, 2022

Hard-coded FTP credentials (r:r) are included in the Foscam C1 running firmware 1.9.1.12....
Critical | Unreviewed | CVE-2016-8731 was published May 13, 2022

Use of hard-coded cryptographic key vulnerability in QSAN Storage Manager allows attackers to...
Critical | Unreviewed | CVE-2021-32520 was published May 24, 2022