Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

430 advisories

Loading
D-Link DAP-2622 Telnet CLI Use of Hardcoded Credentials Authentication Bypass Vulnerability. This... High Unreviewed
CVE-2023-35724 was published May 3, 2024
Unauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address... High Unreviewed
CVE-2024-3544 was published May 2, 2024
ThinkAdmin Admin Panel Access using Default Credentials High
CVE-2020-35296 was published for zoujingli/thinkadmin (Composer) May 24, 2022
Brocade SANnav OVA before v2.3.1 and v2.3.0a contain hard-coded credentials in the documentation... High Unreviewed
CVE-2024-29966 was published Apr 19, 2024
Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded keys used by Docker to reach... High Unreviewed
CVE-2024-29963 was published Apr 19, 2024
In the Brocade SANnav server versions before v2.3.1 and v2.3.0a, the SSH keys inside the OVA... High Unreviewed
CVE-2024-29960 was published Apr 19, 2024
SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function. High Unreviewed
CVE-2023-41713 was published Oct 18, 2023
Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard-coded passwords. One... High Unreviewed
CVE-2023-31808 was published Sep 19, 2023
Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a... High Unreviewed
CVE-2022-2660 was published Dec 14, 2022
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which... High Unreviewed
CVE-2024-31873 was published Apr 10, 2024
Azure AI Search Information Disclosure Vulnerability High Unreviewed
CVE-2024-29063 was published Apr 9, 2024
The BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5-debug-sshd containers... High Unreviewed
CVE-2023-45226 was published Oct 10, 2023
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11 (only... High Unreviewed
CVE-2023-36380 was published Oct 10, 2023
All versions of NetMan 204 allow an attacker that knows the MAC and serial number of the device... High Unreviewed
CVE-2022-47891 was published Oct 3, 2023
Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key... High Unreviewed
CVE-2023-43637 was published Sep 21, 2023
An issue in xui-xray v1.8.3 allows attackers to obtain sensitive information via default password. High Unreviewed
CVE-2023-41595 was published Sep 18, 2023
An issue in PeppermintLabs Peppermint v.0.2.4 and before allows a remote attacker to obtain... High Unreviewed
CVE-2023-42328 was published Sep 18, 2023
A use of hard-coded credentials vulnerability [CWE-798] in FortiTester 2.3.0 through 7.2.3 may... High Unreviewed
CVE-2023-40717 was published Sep 13, 2023
The RDPWin.dll component as used in the IRM Next Generation booking engine includes a set of... High Unreviewed
CVE-2023-39421 was published Sep 7, 2023
The RDPCore.dll component as used in the IRM Next Generation booking engine, allows a remote user... High Unreviewed
CVE-2023-39420 was published Sep 7, 2023
Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions... High Unreviewed
CVE-2023-32619 was published Sep 6, 2023
Use of Hard-coded Credentials vulnerability in Schweitzer Engineering Laboratories SEL-5037 SEL... High Unreviewed
CVE-2023-31173 was published Aug 31, 2023
Motorola MBTS Base Radio accepts hard-coded backdoor password. The Motorola MBTS Base Radio Man... High Unreviewed
CVE-2023-23771 was published Aug 29, 2023
The LMS5xx uses hard-coded credentials, which potentially allow low-skilled unauthorized remote... High Unreviewed
CVE-2023-4419 was published Aug 24, 2023
EdgeConnect SD-WAN Orchestrator instances prior to the versions resolved in this advisory were... High Unreviewed
CVE-2023-37426 was published Aug 22, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database