Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,517
Maven
5,000+
npm
4,154
NuGet
736
pip
3,953
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,327 advisories

Loading
In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the shadow.sample file, root is... Critical Unreviewed
CVE-2022-40111 was published Sep 7, 2022
bilde2910 Hauk v1.6.1 requires a hardcoded password which by default is blank. This hardcoded... High Unreviewed
CVE-2022-37857 was published Sep 9, 2022
Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions... Critical Unreviewed
CVE-2022-38394 was published Sep 9, 2022
WAPPLES through 6.0 has a hardcoded systemi account accessible via db/wp.no1 (as configured in... Critical Unreviewed
CVE-2022-35413 was published Sep 14, 2022
Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to escalate privileges... High Unreviewed
CVE-2022-31322 was published Sep 14, 2022
Multiple globally default credentials exist across all CMS8000 devices, that once exposed, allow... Moderate Unreviewed
CVE-2022-38069 was published Sep 14, 2022
Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to... Critical Unreviewed
CVE-2022-3214 was published Sep 17, 2022
In TOTOLINK T6 V4.1.5cu.709_B20210518, there is a hard coded password for root in /etc/shadow... Critical Unreviewed
CVE-2022-38823 was published Sep 17, 2022
Contec FXA3200 version 1.13 and under were discovered to contain a hard coded hash password for... High Unreviewed
CVE-2022-36159 was published Sep 27, 2022
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote,... Critical Unreviewed
CVE-2022-22522 was published Sep 29, 2022
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote,... Critical Unreviewed
CVE-2022-28812 was published Sep 29, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate for Ejabberd in ejabberd.pem. Moderate Unreviewed
CVE-2020-15326 was published Sep 30, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication. High Unreviewed
CVE-2020-15327 was published Sep 30, 2022
A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and... Moderate Unreviewed
CVE-2022-20844 was published Oct 1, 2022
FlyteAdmin's Default OAuth Authorization Server secret must be rotated High
CVE-2022-39273 was published for github.com/flyteorg/flyteadmin (Go) Oct 5, 2022
Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH. An... High Unreviewed
CVE-2022-34425 was published Oct 11, 2022
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a... High Unreviewed
CVE-2022-38420 was published Oct 15, 2022
go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key. Critical Unreviewed
CVE-2022-42980 was published Oct 17, 2022
The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptographic keys when... Moderate Unreviewed
CVE-2022-41540 was published Oct 18, 2022
In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in configuration files leads to... High Unreviewed
CVE-2022-42176 was published Oct 20, 2022
Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle ... High Unreviewed
CVE-2021-4228 was published Oct 24, 2022
A hard-coded password vulnerability exists in the telnet functionality of Abode Systems, Inc.... Critical Unreviewed
CVE-2022-29889 was published Oct 25, 2022
An authentication bypass vulnerability exists in the web interface /action/factory* functionality... Critical Unreviewed
CVE-2022-29477 was published Oct 25, 2022
A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco... High Unreviewed
CVE-2022-20868 was published Nov 4, 2022
BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited... High Unreviewed
CVE-2022-40263 was published Nov 5, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database