Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,517
Maven
5,000+
npm
4,150
NuGet
736
pip
3,952
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

1,291 advisories

Loading
Zoom Rooms for macOS clients before version 5.11.4 contain an insecure key generation mechanism.... High Unreviewed
CVE-2022-36925 was published Jan 9, 2023
Hardcoded credential is found in affected products' message queue. An attacker that manages to... Moderate Unreviewed
CVE-2022-3928 was published Jan 6, 2023
In the DES implementation, the affected product versions use a default key for encryption.... Critical Unreviewed
CVE-2021-40342 was published Jan 6, 2023
The affected products store both public and private key that are used to sign and protect Custom... Critical Unreviewed
CVE-2022-3927 was published Jan 6, 2023
Merit LILIN AH55B04 & AH55B08 DVR firm has hard-coded administrator credentials. An... Critical Unreviewed
CVE-2022-47618 was published Jan 3, 2023
A vulnerability, which was classified as critical, has been found in taoeffect Empress. Affected... Critical Unreviewed
CVE-2014-125030 was published Jan 1, 2023
ISOS firmwares from versions 1.81 to 2.00 contain hardcoded credentials from embedded StreamX... High Unreviewed
CVE-2022-4780 was published Dec 29, 2022
Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. An... High Unreviewed
CVE-2022-45425 was published Dec 27, 2022
Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin... High Unreviewed
CVE-2022-36222 was published Dec 21, 2022
Common encryption key appears to be used across all deployed instances of Serv-U FTP Server.... High Unreviewed
CVE-2021-35252 was published Dec 20, 2022
A vulnerability, which was classified as problematic, was found in Click Studios Passwordstate... Moderate Unreviewed
CVE-2022-4611 was published Dec 19, 2022
Mutiny 7.2.0-10788 suffers from Hardcoded root password. Critical Unreviewed
CVE-2022-37832 was published Dec 17, 2022
Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to an... Critical Unreviewed
CVE-2022-41653 was published Dec 14, 2022
Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a... High Unreviewed
CVE-2022-2660 was published Dec 14, 2022
Use of hard-coded credentials vulnerability in multiple Buffalo network devices allows a network... Moderate Unreviewed
CVE-2022-34840 was published Dec 7, 2022
MegaRAC Default Credentials Vulnerability Critical Unreviewed
CVE-2022-40242 was published Dec 6, 2022
AMI MegaRAC Redfish Arbitrary Code Execution Critical Unreviewed
CVE-2022-40259 was published Dec 6, 2022
When aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server.... Critical Unreviewed
CVE-2022-38337 was published Dec 6, 2022
An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through... High Unreviewed
CVE-2022-46411 was published Dec 4, 2022
Book Store Management System v1.0 was discovered to contain hardcoded credentials which allows... Critical Unreviewed
CVE-2022-44097 was published Nov 30, 2022
Sanitization Management System v1.0 was discovered to contain hardcoded credentials which allows... Critical Unreviewed
CVE-2022-44096 was published Nov 30, 2022
RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An unauthenticated physical... Low Unreviewed
CVE-2022-32967 was published Nov 29, 2022
A specific file on the sERP server if Kyungrinara(ERP solution) has a fixed password with the... Critical Unreviewed
CVE-2022-41157 was published Nov 25, 2022
Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions... High Unreviewed
CVE-2022-29827 was published Nov 25, 2022
Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions... Critical Unreviewed
CVE-2022-29830 was published Nov 25, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database