Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

418 advisories

Loading
TOTOLINK A3000RU V4.1.2cu.5185_B20201128 was discovered to contain a hardcoded password for root... High Unreviewed
CVE-2022-36615 was published Aug 29, 2022
TOTOLINK A810R V4.1.2cu.5182_B20201026 and V5.9c.4050_B20190424 was discovered to contain a... High Unreviewed
CVE-2022-36616 was published Aug 29, 2022
TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at ... High Unreviewed
CVE-2022-36610 was published Aug 29, 2022
Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that... High Unreviewed
CVE-2022-31269 was published Aug 26, 2022
MA Lighting grandMA2 Light has a password of root for the root account. NOTE: The vendor's... High Unreviewed
CVE-2022-30036 was published Aug 22, 2022
MapGIS 10.5 Pro IGServer has hardcoded credentials in the front-end and can lead to escalation of... High Unreviewed
CVE-2022-36170 was published Aug 20, 2022
MapGIS IGServer 10.5.6.11 is vulnerable to Arbitrary file deletion. High Unreviewed
CVE-2022-36171 was published Aug 20, 2022
'Hulu / ????' App for Android from version 3.0.47 to the version prior to 3.1.2 uses a hard-coded... High Unreviewed
CVE-2022-35734 was published Aug 17, 2022
In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is... High Unreviewed
CVE-2021-44720 was published Aug 13, 2022
IBM Security Verify Information Queue 10.0.2 contains hard-coded credentials, such as a password... High Unreviewed
CVE-2022-35287 was published Jul 26, 2022
A hard-coded cryptographic key is used in FileWave before 14.6.3 and 14.7.x before 14.7.2.... High Unreviewed
CVE-2022-34906 was published Jul 26, 2022
A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiDDoS API 5.5.0 through 5.5... High Unreviewed
CVE-2022-29060 was published Jul 20, 2022
This vulnerability affects all of the company's products that also include the FW versions:... High Unreviewed
CVE-2022-30627 was published Jul 19, 2022
Disclosure of information - the system allows you to view usernames and passwords without... High Unreviewed
CVE-2022-30622 was published Jul 18, 2022
Isode SWIFT v4.0.2 was discovered to contain hard-coded credentials in the Registry Editor. This... High Unreviewed
CVE-2022-32389 was published Jul 15, 2022
IBM QRadar Network Security 5.4.0 and 5.5.0 contains hard-coded credentials, such as a password... High Unreviewed
CVE-2020-4157 was published Jul 13, 2022
Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller... High Unreviewed
CVE-2022-30997 was published Jun 29, 2022
A vulnerability was found in GE Voluson S8. It has been rated as critical. This issue affects the... High Unreviewed
CVE-2020-36547 was published Jun 18, 2022
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter... High Unreviewed
CVE-2022-31619 was published Jun 15, 2022
A vulnerability has been identified in Spectrum Power 4 (All versions using Shared HIS), Spectrum... High Unreviewed
CVE-2022-26476 was published Jun 15, 2022
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES... High Unreviewed
CVE-2022-25806 was published Jun 10, 2022
** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary... High Unreviewed
CVE-2022-29778 was published Jun 4, 2022
Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device via a backdoor password ... High Unreviewed
CVE-2022-31462 was published Jun 3, 2022
Owl Labs Meeting Owl 5.2.0.15 allows attackers to activate Tethering Mode with hard-coded... High Unreviewed
CVE-2022-31460 was published Jun 3, 2022
An attacker can gain VxWorks Shell after login due to hard-coded credentials on a KUKA KR C4... High Unreviewed
CVE-2021-33014 was published May 27, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database