GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,167 advisories
A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote...
Critical
Unreviewed
CVE-2015-2867
was published
May 17, 2022
Dentsply Sirona (formerly Schick) CDR Dicom 5 and earlier has default passwords for the sa and...
Critical
Unreviewed
CVE-2016-6530
was published
May 17, 2022
A hard-coded password vulnerability exists in the libcommonprod.so prod_change_root_passwd...
Critical
Unreviewed
CVE-2022-22144
was published
Aug 6, 2022
A hard-coded cryptographic key is used in FileWave before 14.6.3 and 14.7.x before 14.7.2....
High
Unreviewed
CVE-2022-34906
was published
Jul 26, 2022
The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29...
Moderate
Unreviewed
CVE-2022-29963
was published
Jul 27, 2022
The Motorola ACE1000 RTU through 2022-05-02 has default credentials. It exposes an SSH interface...
Critical
Unreviewed
CVE-2022-30270
was published
Jul 27, 2022
The Motorola ACE1000 RTU through 2022-05-02 uses ECB encryption unsafely. It can communicate with...
Critical
Unreviewed
CVE-2022-30274
was published
Jul 27, 2022
In Veritas NetBackup OpsCenter, a hard-coded credential exists that could be used to exploit the...
Critical
Unreviewed
CVE-2022-36952
was published
Jul 28, 2022
The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0,...
Critical
Unreviewed
CVE-2016-7560
was published
May 17, 2022
AVer Information EH6108H+ devices with firmware X9.03.24.00.07l have hardcoded accounts, which...
Critical
Unreviewed
CVE-2016-6535
was published
May 17, 2022
IBM BigFix Remote Control before 9.1.3 allows local users to discover hardcoded credentials via...
High
Unreviewed
CVE-2016-2948
was published
May 17, 2022
Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in...
Moderate
Unreviewed
CVE-2020-9289
was published
May 24, 2022
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote,...
Critical
Unreviewed
CVE-2022-28812
was published
Sep 29, 2022
DEXIS Imaging Suite 10 has a hardcoded password for the sa account, which allows remote attackers...
Critical
Unreviewed
CVE-2016-6532
was published
May 17, 2022
ZModo ZP-NE14-S and ZP-IBH-13W devices have a hardcoded root password, which makes it easier for...
Critical
Unreviewed
CVE-2016-5081
was published
May 17, 2022
Use of Hard-coded Credentials in AgileConfig.Client
Critical
CVE-2022-35540
was published
for
AgileConfig.Client
(NuGet)
Aug 19, 2022
Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to escalate privileges...
High
Unreviewed
CVE-2022-31322
was published
Sep 14, 2022
D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet...
Critical
Unreviewed
CVE-2018-20432
was published
May 24, 2022
In TOTOLINK T6 V4.1.5cu.709_B20210518, there is a hard coded password for root in /etc/shadow...
Critical
Unreviewed
CVE-2022-38823
was published
Sep 17, 2022
The affected products store both public and private key that are used to sign and protect Custom...
Critical
Unreviewed
CVE-2022-3927
was published
Jan 6, 2023
Hardcoded credential is found in affected products' message queue. An attacker that manages to...
Moderate
Unreviewed
CVE-2022-3928
was published
Jan 6, 2023
MapGIS 10.5 Pro IGServer has hardcoded credentials in the front-end and can lead to escalation of...
High
Unreviewed
CVE-2022-36170
was published
Aug 20, 2022
A weak default administrator password for the web interface and serial port was reported in some...
High
Unreviewed
CVE-2021-42850
was published
May 19, 2022
Prima Systems FlexAir devices have Hard-coded Credentials.
High
Unreviewed
CVE-2019-7672
was published
May 24, 2022
Linear eMerge E3-Series devices have Hard-coded Credentials.
Critical
Unreviewed
CVE-2019-7261
was published
May 24, 2022