Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,517
Maven
5,000+
npm
4,154
NuGet
736
pip
3,953
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

1,291 advisories

Loading
Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions... High Unreviewed
CVE-2022-29828 was published Nov 25, 2022
Use of Hard-coded Password vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1... High Unreviewed
CVE-2022-29831 was published Nov 25, 2022
Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions... High Unreviewed
CVE-2022-29829 was published Nov 25, 2022
Use of Hard-coded Password vulnerability in Mitsubishi Electric GX Works3 all versions allows an... High Unreviewed
CVE-2022-29825 was published Nov 25, 2022
A flaw in the Zyxel LTE3301-M209 firmware verisons prior to V1.00(ABLG.6)C0 could allow a remote... Critical Unreviewed
CVE-2022-40602 was published Nov 22, 2022
In the Kaden PICOFLUX AiR water meter an adversary can read the values through wireless M-Bus... Moderate Unreviewed
CVE-2021-34577 was published Nov 9, 2022
Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: ... High Unreviewed
CVE-2022-37710 was published Nov 7, 2022
BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited... High Unreviewed
CVE-2022-40263 was published Nov 5, 2022
A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco... High Unreviewed
CVE-2022-20868 was published Nov 4, 2022
A hard-coded password vulnerability exists in the telnet functionality of Abode Systems, Inc.... Critical Unreviewed
CVE-2022-29889 was published Oct 25, 2022
An authentication bypass vulnerability exists in the web interface /action/factory* functionality... Critical Unreviewed
CVE-2022-29477 was published Oct 25, 2022
Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle ... High Unreviewed
CVE-2021-4228 was published Oct 24, 2022
In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in configuration files leads to... High Unreviewed
CVE-2022-42176 was published Oct 20, 2022
The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptographic keys when... Moderate Unreviewed
CVE-2022-41540 was published Oct 18, 2022
go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key. Critical Unreviewed
CVE-2022-42980 was published Oct 17, 2022
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a... High Unreviewed
CVE-2022-38420 was published Oct 15, 2022
Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH. An... High Unreviewed
CVE-2022-34425 was published Oct 11, 2022
A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and... Moderate Unreviewed
CVE-2022-20844 was published Oct 1, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate for Ejabberd in ejabberd.pem. Moderate Unreviewed
CVE-2020-15326 was published Sep 30, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication. High Unreviewed
CVE-2020-15327 was published Sep 30, 2022
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote,... Critical Unreviewed
CVE-2022-22522 was published Sep 29, 2022
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote,... Critical Unreviewed
CVE-2022-28812 was published Sep 29, 2022
Contec FXA3200 version 1.13 and under were discovered to contain a hard coded hash password for... High Unreviewed
CVE-2022-36159 was published Sep 27, 2022
In TOTOLINK T6 V4.1.5cu.709_B20210518, there is a hard coded password for root in /etc/shadow... Critical Unreviewed
CVE-2022-38823 was published Sep 17, 2022
Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to... Critical Unreviewed
CVE-2022-3214 was published Sep 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database