GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
148 advisories
AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclosure vulnerability that allows...
Critical | Unreviewed | CVE-2020-21994 was published May 24, 2022

Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01...
Critical | Unreviewed | CVE-2021-27734 was published May 24, 2022

An issue was discovered in Nitrokey FIDO U2F firmware through 1.1. Communication between the...
Critical | Unreviewed | CVE-2020-12061 was published May 24, 2022

In SapphireIMS 5.0, it is possible to take over an account by sending a request to the...
Critical | Unreviewed | CVE-2020-25566 was published May 24, 2022

Airangel HSMX Gateway devices through 5.2.04 have Weak SSH Credentials.
Critical | Unreviewed | CVE-2021-40520 was published May 24, 2022

The Vangene deltaFlow E-platform does not take properly protective measures. Attackers can obtain...
Critical | Unreviewed | CVE-2021-28171 was published May 24, 2022

Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker...
Critical | Unreviewed | CVE-2022-31887 was published Jun 29, 2022

Xiaongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS...
Critical | Unreviewed | CVE-2021-41506 was published Jul 1, 2022

An attacker with weak credentials could access the TCP port via an open FTP port, allowing an...
Critical | Unreviewed | CVE-2022-2103 was published Jun 25, 2022

The web application on Agilia Link+ version 3.0 implements authentication and session management...
Critical | Unreviewed | CVE-2021-23196 was published Jan 22, 2022

Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU...
Critical | Unreviewed | CVE-2021-20597 was published May 24, 2022

Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may...
Critical | Unreviewed | CVE-2022-30601 was published Aug 19, 2022

In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in...
Critical | Unreviewed | CVE-2019-11402 was published May 24, 2022

ONTAP Select Deploy administration utility versions 2.2 through 2.12.1 transmit credentials in...
Critical | Unreviewed | CVE-2019-5505 was published May 24, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account.
Critical | Unreviewed | CVE-2020-15347 was published Sep 30, 2022

In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549).
Critical | Unreviewed | CVE-2020-26101 was published May 24, 2022

In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554).
Critical | Unreviewed | CVE-2020-26105 was published May 24, 2022

Use of default credentials for the telnet server in BASETech GE-131 BT-1837836 firmware 20180921...
Critical | Unreviewed | CVE-2020-27555 was published May 24, 2022

The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve...
Critical | Unreviewed | CVE-2020-26508 was published May 24, 2022

Airleader Master <= 6.21 devices have default credentials that can be used to access the exposed...
Critical | Unreviewed | CVE-2020-26510 was published May 24, 2022

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P,...
Critical | Unreviewed | CVE-2020-29054 was published May 24, 2022

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P,...
Critical | Unreviewed | CVE-2020-29058 was published May 24, 2022

Unrestricted access to the log downloader functionality in EPSON EPS TSE Server 8 (21.0.11)...
Critical | Unreviewed | CVE-2020-28929 was published May 24, 2022

A sensitive information disclosure vulnerability in Kyland KPS2204 6 Port Managed Din-Rail...
Critical | Unreviewed | CVE-2020-25011 was published May 24, 2022

A password-disclosure issue in the web interface on certain TP-Link devices allows a remote...
Critical | Unreviewed | CVE-2020-35575 was published May 24, 2022

ProTip! Advisories are also available from the GraphQL API.