GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,327 advisories
Akkadian Provisioning Manager Engine (PME) ships with a hard-coded credential, akkadianuser...
Critical
Unreviewed
CVE-2021-31579 was published May 24, 2022
TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell as root/superuser, a related...
Critical
Unreviewed
CVE-2021-37555 was published May 24, 2022
Dell EMC Data Protection Advisor versions 6.4, 6.5 and 18.1 contain an undocumented account with...
High
Unreviewed
CVE-2020-5351 was published May 24, 2022
Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7...
Moderate
Unreviewed
CVE-2021-27503 was published May 24, 2022
An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus...
Critical
Unreviewed
CVE-2021-37163 was published May 24, 2022
Hardcoded default root credentials exist on the ecobee3 lite 4.5.81.200 device. This allows a...
Critical
Unreviewed
CVE-2021-27952 was published May 24, 2022
SapphireIMS 5 utilized default sapphire:ims credentials to connect the client to server. This...
High
Unreviewed
CVE-2020-25561 was published May 24, 2022
A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal versions 5.2.5 and below,...
Critical
Unreviewed
CVE-2021-32588 was published May 24, 2022
Hardcoded .htaccess Credentials for getlogs.cgi exist on Altus Nexto, Nexto Xpress, and Hadron...
High
Unreviewed
CVE-2021-39245 was published May 24, 2022
** UNSUPPORTED WHEN ASSIGNED ** D-Link DSR-500N version 1.02 contains hard-coded credentials for...
Critical
Unreviewed
CVE-2021-39615 was published May 24, 2022
D-Link DVX-2000MS contains hard-coded credentials for undocumented user accounts in the '/etc...
Critical
Unreviewed
CVE-2021-39614 was published May 24, 2022
** UNSUPPORTED WHEN ASSIGNED ** D-Link DVG-3104MS version 1.0.2.0.3, 1.0.2.0.4, and 1.0.2.0.4E...
Critical
Unreviewed
CVE-2021-39613 was published May 24, 2022
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials,...
Moderate
Unreviewed
CVE-2021-29728 was published May 24, 2022
Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt...
Moderate
Unreviewed
CVE-2021-36234 was published May 24, 2022
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with...
Critical
Unreviewed
CVE-2021-34565 was published May 24, 2022
AdaptiveScale LXDUI Hardcoded JWT Secret Key
Critical
CVE-2021-40494 was published for lxdui (pip) May 24, 2022
An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. An attacker can...
High
Unreviewed
CVE-2021-33484 was published May 24, 2022
BAB TECHNOLOGIE GmbH eibPort V3. Each device has its own unique hard coded and weak root SSH key...
High
Unreviewed
CVE-2021-28912 was published May 24, 2022
A vulnerability involving insecure storage of sensitive information has been reported to affect...
High
Unreviewed
CVE-2021-28813 was published May 24, 2022
Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in Security mode 5 without an...
Moderate
Unreviewed
CVE-2021-34571 was published May 24, 2022
IBM Security Guardium 11.3 contains hard-coded credentials, such as a password or cryptographic...
Critical
Unreviewed
CVE-2020-4690 was published May 24, 2022
An information disclosure vulnerability exists in the WiFi Smart Mesh functionality of D-LINK DIR...
Critical
Unreviewed
CVE-2021-21913 was published May 24, 2022
REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa password that is hardcoded in...
Critical
Unreviewed
CVE-2021-33583 was published May 24, 2022
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only...
High
Unreviewed
CVE-2021-41827 was published May 24, 2022
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials associated with...
High
Unreviewed
CVE-2021-41828 was published May 24, 2022