Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,517
Maven
5,000+
npm
4,150
NuGet
736
pip
3,952
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,327 advisories

Loading
An issue in PeppermintLabs Peppermint v.0.2.4 and before allows a remote attacker to obtain... High Unreviewed
CVE-2023-42328 was published Sep 18, 2023
Hard-coded credentials in Juplink RX4-1500 versions V1.0.2 through V1.0.5 allow unauthenticated... Moderate Unreviewed
CVE-2023-41030 was published Sep 18, 2023
** UNSUPPPORTED WHEN ASSIGNED ** Devices ekorCCP and ekorRCI are vulnerable due to access to the... Critical Unreviewed
CVE-2022-47558 was published Sep 19, 2023
Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard-coded passwords. One... High Unreviewed
CVE-2023-31808 was published Sep 19, 2023
Use of a static key to protect a JWT token used in user authentication can allow an for an... Critical Unreviewed
CVE-2023-5074 was published Sep 20, 2023
Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key... High Unreviewed
CVE-2023-43637 was published Sep 21, 2023
Vulnerability in the Elasticsearch database used in the of Cisco SD-WAN vManage software could... High Unreviewed
CVE-2023-20034 was published Sep 27, 2023
Microweber uses hard coded credentials Moderate
CVE-2023-5318 was published for microweber/microweber (Composer) Sep 30, 2023
All versions of NetMan 204 allow an attacker that knows the MAC and serial number of the device... High Unreviewed
CVE-2022-47891 was published Oct 3, 2023
Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 version, the exploitation... Critical Unreviewed
CVE-2023-2809 was published Oct 4, 2023
A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to... Critical Unreviewed
CVE-2023-20101 was published Oct 4, 2023
Qognify NiceVision versions 3.1 and prior are vulnerable to exposing sensitive information... Critical Unreviewed
CVE-2023-2306 was published Oct 5, 2023
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11 (only... High Unreviewed
CVE-2023-36380 was published Oct 10, 2023
The BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5-debug-sshd containers... High Unreviewed
CVE-2023-45226 was published Oct 10, 2023
All versions of the qBittorrent client through 4.5.5 use default credentials when the web user... Critical Unreviewed
CVE-2023-30801 was published Oct 10, 2023
Use of default credentials vulnerability in MR-GM2 firmware Ver. 3.00.03 and earlier, and MR-GM3 ... Moderate Unreviewed
CVE-2023-45194 was published Oct 11, 2023
IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or... Critical Unreviewed
CVE-2023-33836 was published Oct 16, 2023
SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function. High Unreviewed
CVE-2023-41713 was published Oct 18, 2023
IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or... Critical Unreviewed
CVE-2022-22466 was published Oct 23, 2023
The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk... High Unreviewed
CVE-2023-26219 was published Oct 25, 2023
Sureness uses hardcoded key Critical
CVE-2023-31581 was published for com.usthe.sureness:sureness-core (Maven) Oct 25, 2023
EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key Critical Unreviewed
CVE-2023-42492 was published Oct 25, 2023
The vulnerability allows an unprivileged (untrusted) third- party application to arbitrary modify... High Unreviewed
CVE-2023-41372 was published Oct 25, 2023
The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker to... High Unreviewed
CVE-2023-46102 was published Oct 25, 2023
Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/... Critical Unreviewed
CVE-2018-17558 was published Oct 27, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database