GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,327 advisories
An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR...
High, Unreviewed. CVE-2019-9229 was published May 24, 2022.

Hardcoded credentials in the Akuvox R50P VoIP phone 50.0.6.156 allow an attacker to get access to...
Critical, Unreviewed. CVE-2019-12327 was published May 24, 2022.

A clone version of an ELM327 OBD2 Bluetooth device has a hardcoded PIN, leading to arbitrary...
Critical, Unreviewed. CVE-2019-12797 was published May 24, 2022.

Swann SWWHD-INTCAM-HD devices have the twipc root password, leading to FTP access as root.
Critical, Unreviewed. CVE-2018-20955 was published May 24, 2022.

Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a hardcoded RC2 key for...
Critical, Unreviewed. CVE-2019-7594 was published May 24, 2022.

Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a shared RSA key pair...
Critical, Unreviewed. CVE-2019-7593 was published May 24, 2022.

A vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director,...
Critical, Unreviewed. CVE-2019-1935 was published May 24, 2022.

The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcoded @@@nopass@@@ password for...
High, Unreviewed. CVE-2016-10928 was published May 24, 2022.

Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow...
Critical, Unreviewed. CVE-2019-6698 was published May 24, 2022.

Black Box iCOMPEL 9.2.3 through 11.1.4, as used in ONELAN Net-Top-Box 9.2.3 through 11.1.4 and...
Critical, Unreviewed. CVE-2019-15497 was published May 24, 2022.

An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.1.4. It uses...
Critical, Unreviewed. CVE-2019-14943 was published May 24, 2022.

The Eques elf smart plug and the mobile app use a hardcoded AES 256 bit key to encrypt the...
High, Unreviewed. CVE-2019-15745 was published May 24, 2022.

The slick-popup plugin before 1.7.2 for WordPress has a hardcoded OmakPass13# password for the...
High, Unreviewed. CVE-2019-15867 was published May 24, 2022.

TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial...
High, Unreviewed. CVE-2019-13473 was published May 24, 2022.

Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE...
Critical, Unreviewed. CVE-2019-11898 was published May 24, 2022.

Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN...
High, Unreviewed. CVE-2019-13530 was published May 24, 2022.

ifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML...
High, Unreviewed. CVE-2019-16313 was published May 24, 2022.

TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial...
High, Unreviewed. CVE-2019-13474 was published May 24, 2022.

Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a...
Moderate, Unreviewed. CVE-2019-10990 was published May 24, 2022.

CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a...
Critical, Unreviewed. CVE-2019-13658 was published May 24, 2022.

The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to...
High, Unreviewed. CVE-2019-15017 was published May 24, 2022.

In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and...
High, Unreviewed. CVE-2019-15015 was published May 24, 2022.

CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default...
High, Unreviewed. CVE-2019-13657 was published May 24, 2022.

Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc...
Critical, Unreviewed. CVE-2016-2357 was published May 24, 2022.

Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts...
Critical, Unreviewed. CVE-2016-2358 was published May 24, 2022.

ProTip! Advisories are also available from the GraphQL API.