Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,517
Maven
5,000+
npm
4,154
NuGet
736
pip
3,953
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

1,291 advisories

Loading
Multiple globally default credentials exist across all CMS8000 devices, that once exposed, allow... Moderate Unreviewed
CVE-2022-38069 was published Sep 14, 2022
WAPPLES through 6.0 has a hardcoded systemi account accessible via db/wp.no1 (as configured in... Critical Unreviewed
CVE-2022-35413 was published Sep 14, 2022
Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to escalate privileges... High Unreviewed
CVE-2022-31322 was published Sep 14, 2022
Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions... Critical Unreviewed
CVE-2022-38394 was published Sep 9, 2022
bilde2910 Hauk v1.6.1 requires a hardcoded password which by default is blank. This hardcoded... High Unreviewed
CVE-2022-37857 was published Sep 9, 2022
In TOTOLINK A860R V4.1.2cu.5182_B20201027 there is a hard coded password for root in /etc/shadow... High Unreviewed
CVE-2022-37841 was published Sep 7, 2022
In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the shadow.sample file, root is... Critical Unreviewed
CVE-2022-40111 was published Sep 7, 2022
Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config... Critical Unreviewed
CVE-2022-36672 was published Sep 2, 2022
Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056,... Critical Unreviewed
CVE-2022-30318 was published Sep 1, 2022
Le-yan Personnel and Salary Management System has hard-coded database account and password within... Critical Unreviewed
CVE-2022-38116 was published Aug 31, 2022
Seiko SkyBridge MB-A100/A110 v4.2.0 and below implements a hard-coded passcode for the root... Critical Unreviewed
CVE-2022-36558 was published Aug 30, 2022
Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain multiple hard-coded... Critical Unreviewed
CVE-2022-36560 was published Aug 30, 2022
TOTOLINK A950RG V4.1.2cu.5204_B20210112 was discovered to contain a hardcoded password for root... High Unreviewed
CVE-2022-36612 was published Aug 29, 2022
TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at ... High Unreviewed
CVE-2022-36610 was published Aug 29, 2022
TOTOLINK A810R V4.1.2cu.5182_B20201026 and V5.9c.4050_B20190424 was discovered to contain a... High Unreviewed
CVE-2022-36616 was published Aug 29, 2022
TOTOLINK A800R V4.1.2cu.5137_B20200730 was discovered to contain a hardcoded password for root at... High Unreviewed
CVE-2022-36611 was published Aug 29, 2022
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a hardcoded password for root at... High Unreviewed
CVE-2022-36613 was published Aug 29, 2022
TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a hardcoded password for root at... High Unreviewed
CVE-2022-36614 was published Aug 29, 2022
TOTOLINK A3000RU V4.1.2cu.5185_B20201128 was discovered to contain a hardcoded password for root... High Unreviewed
CVE-2022-36615 was published Aug 29, 2022
D-Link DIR845L v1.00-v1.03 contains a Static Default Credential vulnerability in /etc/init0.d... Critical Unreviewed
CVE-2022-38557 was published Aug 29, 2022
Trendnet TEW733GR v1.03B01 contains a Static Default Credential vulnerability in /etc/init0.d... Critical Unreviewed
CVE-2022-38556 was published Aug 29, 2022
Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that... High Unreviewed
CVE-2022-31269 was published Aug 26, 2022
MA Lighting grandMA2 Light has a password of root for the root account. NOTE: The vendor's... High Unreviewed
CVE-2022-30036 was published Aug 22, 2022
MapGIS 10.5 Pro IGServer has hardcoded credentials in the front-end and can lead to escalation of... High Unreviewed
CVE-2022-36170 was published Aug 20, 2022
MapGIS IGServer 10.5.6.11 is vulnerable to Arbitrary file deletion. High Unreviewed
CVE-2022-36171 was published Aug 20, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database