GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,291 advisories
Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports,...
Critical | Unreviewed | CVE-2022-1400 was published Aug 18, 2022

'Hulu / フールー' App for Android from version 3.0.47 to the version prior to 3.1.2 uses a hard-coded...
High | Unreviewed | CVE-2022-35734 was published Aug 17, 2022

In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is...
High | Unreviewed | CVE-2021-44720 was published Aug 13, 2022

TOTOLINK A3002RU V3.0.0-B20220304.1804 has a hardcoded password for root in /etc/shadow.sample.
Critical | Unreviewed | CVE-2022-35491 was published Aug 11, 2022

A hard-coded password vulnerability exists in the libcommonprod.so prod_change_root_passwd...
Critical | Unreviewed | CVE-2022-22144 was published Aug 6, 2022

OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine...
Critical | Unreviewed | CVE-2022-32965 was published Aug 5, 2022

Totolink A3600R_Firmware V4.1.2cu.5182_B20201102 contains a hard code password for root in /etc...
Critical | Unreviewed | CVE-2022-34993 was published Aug 5, 2022

This vulnerability allows remote attackers to bypass authentication on affected installations of...
Critical | Unreviewed | CVE-2022-35866 was published Aug 4, 2022

Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key.
Critical | Unreviewed | CVE-2021-22644 was published Jul 29, 2022

Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded Credentials. According to FSCT-2022...
Moderate | Unreviewed | CVE-2022-30314 was published Jul 29, 2022

In Veritas NetBackup OpsCenter, a hard-coded credential exists that could be used to exploit the...
Critical | Unreviewed | CVE-2022-36952 was published Jul 28, 2022

The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a...
Critical | Unreviewed | CVE-2022-29953 was published Jul 27, 2022

Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an engineering environment for...
Moderate | Unreviewed | CVE-2022-29960 was published Jul 27, 2022

The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29...
Moderate | Unreviewed | CVE-2022-29964 was published Jul 27, 2022

The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29...
Moderate | Unreviewed | CVE-2022-29963 was published Jul 27, 2022

The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29...
Moderate | Unreviewed | CVE-2022-29962 was published Jul 27, 2022

The Motorola ACE1000 RTU through 2022-05-02 has default credentials. It exposes an SSH interface...
Critical | Unreviewed | CVE-2022-30270 was published Jul 27, 2022

The Motorola ACE1000 RTU through 2022-05-02 ships with a hardcoded SSH private key and...
Critical | Unreviewed | CVE-2022-30271 was published Jul 27, 2022

The Motorola ACE1000 RTU through 2022-05-02 uses ECB encryption unsafely. It can communicate with...
Critical | Unreviewed | CVE-2022-30274 was published Jul 27, 2022

IBM Security Verify Information Queue 10.0.2 contains hard-coded credentials, such as a password...
High | Unreviewed | CVE-2022-35287 was published Jul 26, 2022

A hard-coded cryptographic key is used in FileWave before 14.6.3 and 14.7.x before 14.7.2....
High | Unreviewed | CVE-2022-34906 was published Jul 26, 2022

Goldshell ASIC Miners v2.1.x was discovered to contain hardcoded credentials which allow...
Critical | Unreviewed | CVE-2022-24657 was published Jul 21, 2022

Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption...
Critical | Unreviewed | CVE-2022-34045 was published Jul 21, 2022

The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a...
Critical | Unreviewed | CVE-2022-26138 was published Jul 21, 2022

The MiCODUS MV720 GPS tracker API server has an authentication mechanism that allows devices to...
Critical | Unreviewed | CVE-2022-2107 was published Jul 21, 2022
ProTip! Advisories are also available from the GraphQL API.