Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,504
Maven
5,000+
npm
4,149
NuGet
735
pip
3,949
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,326 advisories

Loading
IBM BigFix Remote Control before 9.1.3 allows local users to discover hardcoded credentials via... High Unreviewed
CVE-2016-2948 was published May 17, 2022
Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in... Moderate Unreviewed
CVE-2020-9289 was published May 24, 2022
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote,... Critical Unreviewed
CVE-2022-28812 was published Sep 29, 2022
DEXIS Imaging Suite 10 has a hardcoded password for the sa account, which allows remote attackers... Critical Unreviewed
CVE-2016-6532 was published May 17, 2022
ZModo ZP-NE14-S and ZP-IBH-13W devices have a hardcoded root password, which makes it easier for... Critical Unreviewed
CVE-2016-5081 was published May 17, 2022
Use of Hard-coded Credentials in AgileConfig.Client Critical
CVE-2022-35540 was published for AgileConfig.Client (NuGet) Aug 19, 2022
Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to escalate privileges... High Unreviewed
CVE-2022-31322 was published Sep 14, 2022
D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet... Critical Unreviewed
CVE-2018-20432 was published May 24, 2022
In TOTOLINK T6 V4.1.5cu.709_B20210518, there is a hard coded password for root in /etc/shadow... Critical Unreviewed
CVE-2022-38823 was published Sep 17, 2022
The affected products store both public and private key that are used to sign and protect Custom... Critical Unreviewed
CVE-2022-3927 was published Jan 6, 2023
Hardcoded credential is found in affected products' message queue. An attacker that manages to... Moderate Unreviewed
CVE-2022-3928 was published Jan 6, 2023
MapGIS 10.5 Pro IGServer has hardcoded credentials in the front-end and can lead to escalation of... High Unreviewed
CVE-2022-36170 was published Aug 20, 2022
A weak default administrator password for the web interface and serial port was reported in some... High Unreviewed
CVE-2021-42850 was published May 19, 2022
Prima Systems FlexAir devices have Hard-coded Credentials. High Unreviewed
CVE-2019-7672 was published May 24, 2022
Linear eMerge E3-Series devices have Hard-coded Credentials. Critical Unreviewed
CVE-2019-7261 was published May 24, 2022
A CWE-798 use of hardcoded credentials vulnerability exists in BMX-NOR-0200H with firmware... High Unreviewed
CVE-2019-6812 was published May 24, 2022
Linear eMerge E3-Series devices allow Remote Code Execution (root access over SSH). Critical Unreviewed
CVE-2019-7265 was published May 24, 2022
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a... Critical Unreviewed
CVE-2022-29644 was published May 19, 2022
A vulnerability has been identified in LOGO!8 BM (All versions). Project data stored on the... High Unreviewed
CVE-2019-10920 was published May 24, 2022
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a... Critical Unreviewed
CVE-2022-29645 was published May 19, 2022
An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device has a custom telnet... Critical Unreviewed
CVE-2017-8415 was published May 24, 2022
Use of hard-coded credentials vulnerability in multiple Buffalo network devices allows a network... Moderate Unreviewed
CVE-2022-34840 was published Dec 7, 2022
In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is... High Unreviewed
CVE-2021-44720 was published Aug 13, 2022
Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin... High Unreviewed
CVE-2022-36222 was published Dec 21, 2022
A vulnerability, which was classified as problematic, was found in Click Studios Passwordstate... Moderate Unreviewed
CVE-2022-4611 was published Dec 19, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database