Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,517
Maven
5,000+
npm
4,150
NuGet
736
pip
3,952
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,327 advisories

Loading
VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain hardcoded... Critical Unreviewed
CVE-2023-45499 was published Oct 27, 2023
Dromara Lamp-Cloud Use of Hard-coded Cryptographic Key High
CVE-2023-31579 was published for top.tangyh.basic:lamp-core (Maven) Nov 3, 2023
Weintek EasyBuilder Pro contains a vulnerability that, even when the private key is... Critical Unreviewed
CVE-2023-5777 was published Nov 6, 2023
Symmetric encryption used to protect messages between the AppsAnywhere server and client can be... High Unreviewed
CVE-2023-41137 was published Nov 9, 2023
Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the... Critical Unreviewed
CVE-2023-47800 was published Nov 10, 2023
A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7... Moderate Unreviewed
CVE-2023-33304 was published Nov 14, 2023
A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 -... Moderate Unreviewed
CVE-2023-40719 was published Nov 14, 2023
First Corporation's DVRs use a hard-coded password, which may allow a remote unauthenticated... Critical Unreviewed
CVE-2023-47213 was published Nov 16, 2023
Dell ELab-Navigator, version 3.1.9 contains a hard-coded credential vulnerability. A local... High Unreviewed
CVE-2023-44296 was published Nov 16, 2023
Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES... High Unreviewed
CVE-2023-48053 was published Nov 16, 2023
SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. This... High Unreviewed
CVE-2023-48055 was published Nov 16, 2023
Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT... High Unreviewed
CVE-2023-47315 was published Nov 22, 2023
The FACSChorus software contains sensitive information stored in plaintext. A threat actor could... Moderate Unreviewed
CVE-2023-29064 was published Nov 28, 2023
Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain hardcoded credentials... Critical Unreviewed
CVE-2023-23324 was published Nov 29, 2023
The password for access to the debugging console of the PoWer Controller chip (PWC) of the MIB3... Low Unreviewed
CVE-2023-28895 was published Dec 1, 2023
When configured in debugging mode by an authenticated user with administrative... High Unreviewed
CVE-2023-40463 was published Dec 5, 2023
Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate... High Unreviewed
CVE-2023-40464 was published Dec 5, 2023
Unitronics Vision Series PLCs and HMIs use default administrative passwords. An unauthenticated... Critical Unreviewed
CVE-2023-6448 was published Dec 5, 2023
The affected devices use publicly available default credentials with administrative privileges. Critical Unreviewed
CVE-2023-39169 was published Dec 7, 2023
The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard... High Unreviewed
CVE-2023-33413 was published Dec 7, 2023
NETSCOUT nGeniusPULSE 3.8 has a Hardcoded Cryptographic Key. Critical Unreviewed
CVE-2023-40300 was published Dec 7, 2023
A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion... High Unreviewed
CVE-2023-36647 was published Dec 12, 2023
Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login... High Unreviewed
CVE-2023-36651 was published Dec 12, 2023
Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for... Moderate Unreviewed
CVE-2023-43583 was published Dec 14, 2023
SmartStar Software CWS is a web-base integration platform, it has a vulnerability of using a hard... Moderate Unreviewed
CVE-2023-48374 was published Dec 15, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database