Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,504
Maven
5,000+
npm
4,149
NuGet
735
pip
3,949
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,326 advisories

Loading
Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an... Moderate Unreviewed
CVE-2021-34744 was published May 24, 2022
A CWE-798: Use of Hard-coded Credentials vulnerability exists in the Unity Loader and OS Loader... High Unreviewed
CVE-2020-7498 was published May 24, 2022
An issue was discovered in MK-AUTH 19.01. There is authentication bypass in the web login... High Unreviewed
CVE-2020-14070 was published May 24, 2022
The ifmap service that comes bundled with Juniper Networks Contrail releases uses hard coded... Moderate Unreviewed
CVE-2017-10616 was published May 13, 2022
ENC DataVault 7.1.1W uses an inappropriate encryption algorithm, such that an attacker (who does... Critical Unreviewed
CVE-2021-36751 was published Jan 3, 2022
A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in... Low Unreviewed
CVE-2020-7515 was published May 24, 2022
The use of multiple hard-coded cryptographic keys in cSRX Series software in Juniper Networks... High Unreviewed
CVE-2021-0266 was published May 24, 2022
Dell EMC Data Protection Advisor versions 6.4, 6.5 and 18.1 contain an undocumented account with... High Unreviewed
CVE-2020-5351 was published May 24, 2022
Zoom Rooms for macOS clients before version 5.11.4 contain an insecure key generation mechanism.... High Unreviewed
CVE-2022-36925 was published Jan 9, 2023
The client (aka GalaxyClientService.exe) in GOG GALAXY 2.0.19 allows local privilege escalation... Moderate Unreviewed
CVE-2020-24574 was published May 24, 2022
GateManager versions prior to 9.2c, The affected product contains a hard-coded credential for... High Unreviewed
CVE-2020-14510 was published May 24, 2022
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a... High Unreviewed
CVE-2022-38420 was published Oct 15, 2022
Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py. An... Critical Unreviewed
CVE-2020-26879 was published May 24, 2022
Winston 1.5.4 devices make use of a Monit service (not managed during the normal user process)... High Unreviewed
CVE-2020-16258 was published May 24, 2022
NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the... High Unreviewed
CVE-2020-11615 was published May 24, 2022
NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC... Critical Unreviewed
CVE-2020-11483 was published May 24, 2022
In projectworlds Online Book Store 1.0 Use of Hard-coded Credentials in source code leads to... Moderate Unreviewed
CVE-2020-24115 was published May 24, 2022
Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is... Critical Unreviewed
CVE-2020-28329 was published May 24, 2022
NVIDIA DGX servers, DGX-1 with BMC firmware versions prior to 3.38.30. DGX-2 with BMC firmware... High Unreviewed
CVE-2020-11487 was published May 24, 2022
Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance... Critical Unreviewed
CVE-2020-11854 was published May 24, 2022
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600G1 V2.0.7 and V1.9.7, and... High Unreviewed
CVE-2020-29382 was published May 24, 2022
An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version... Critical Unreviewed
CVE-2020-11857 was published May 24, 2022
Studyplus App for Android v6.3.7 and earlier and Studyplus App for iOS v8.29.0 and earlier use a... Moderate Unreviewed
CVE-2020-5667 was published May 24, 2022
Unisys Stealth(core) before 4.0.132 stores Passwords in a Recoverable Format. High Unreviewed
CVE-2020-24620 was published May 24, 2022
In the Broadcom Nexus firmware, there is an insecure default password. This could lead to local... High Unreviewed
CVE-2020-0016 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database