Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,517
Maven
5,000+
npm
4,154
NuGet
736
pip
3,953
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,327 advisories

Loading
Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that... Critical Unreviewed
CVE-2016-2360 was published May 24, 2022
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU... Critical Unreviewed
CVE-2019-14926 was published May 24, 2022
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU... Critical Unreviewed
CVE-2019-14930 was published May 24, 2022
The Tightrope Media Carousel Seneca HDn Windows-based appliance 7.0.4.104 is shipped with a... High Unreviewed
CVE-2018-18929 was published May 24, 2022
Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local... High Unreviewed
CVE-2019-16207 was published May 24, 2022
Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow... Moderate Unreviewed
CVE-2018-9195 was published May 24, 2022
Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup... Moderate Unreviewed
CVE-2019-6693 was published May 24, 2022
FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml. Critical Unreviewed
CVE-2019-19492 was published May 24, 2022
The express install, which is the suggested way to install Puppet Enterprise, gives the user a... High Unreviewed
CVE-2019-10694 was published May 24, 2022
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary code... High Unreviewed
CVE-2019-3983 was published May 24, 2022
Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager ... High Unreviewed
CVE-2019-15976 was published May 24, 2022
Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager ... High Unreviewed
CVE-2019-15977 was published May 24, 2022
Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager ... High Unreviewed
CVE-2019-15975 was published May 24, 2022
keycloak vulnerable to unauthorized login via mail server setup Critical
CVE-2019-14837 was published for org.keycloak:keycloak-core (Maven) May 24, 2022
jhutchings1
KMS Controls BAC-A1616BC BACnet devices have a cleartext password of snowman in the BACKDOOR_NAME... High Unreviewed
CVE-2020-7233 was published May 24, 2022
CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption... Low Unreviewed
CVE-2020-6857 was published May 24, 2022
In IXP EasyInstall 6.2.13723, there are cleartext credentials in network communication on TCP... Moderate Unreviewed
CVE-2019-19898 was published May 24, 2022
An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded... Moderate Unreviewed
CVE-2020-8657 was published May 24, 2022
A remote code execution vulnerability exists in Microsoft Exchange software when the software... High Unreviewed
CVE-2020-0688 was published May 24, 2022
The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the... Moderate Unreviewed
CVE-2019-5137 was published May 24, 2022
An exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities of... Low Unreviewed
CVE-2019-5139 was published May 24, 2022
This vulnerability allows network-adjacent attackers execute arbitrary code on affected... Moderate Unreviewed
CVE-2020-10884 was published May 24, 2022
IBM QRadar 7.3.0 to 7.3.3 Patch 2 contains hard-coded credentials, such as a password or... Moderate Unreviewed
CVE-2020-4269 was published May 24, 2022
airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash of 0123425234234fsdfsdr3242... Moderate Unreviewed
CVE-2020-11876 was published May 24, 2022
An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.42. A bundled script... Moderate Unreviewed
CVE-2020-10996 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database