GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
166 advisories
Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an engineering environment for...
Moderate | Unreviewed | CVE-2022-29960 was published Jul 27, 2022
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES...
Moderate | Unreviewed | CVE-2022-25807 was published Jun 10, 2022
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the...
Moderate | Unreviewed | CVE-2021-42892 was published Jun 4, 2022
In Hamilton Medical AG, T1-Ventilator versions 2.2.3 and prior, hard-coded credentials in the...
Moderate | Unreviewed | CVE-2020-27278 was published May 24, 2022
A hard-coded password vulnerability exists in the SFTP Log Collection Server function of Trend...
Moderate | Unreviewed | CVE-2021-32459 was published May 24, 2022
A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers (All versions...
Moderate | Unreviewed | CVE-2019-6859 was published May 24, 2022
IBM InfoSphere Information Server 11.7.1.0 stores a common hard coded encryption key that could...
Moderate | Unreviewed | CVE-2019-4220 was published May 24, 2022
** DISPUTED ** KNX ETS6 through 6.0.0 uses the hard-coded password ETS5Password, with a salt...
Moderate | Unreviewed | CVE-2021-43575 was published May 24, 2022
A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4.83 (64-bit edition) with...
Moderate | Unreviewed | CVE-2021-41320 was published May 24, 2022
Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an...
Moderate | Unreviewed | CVE-2021-34744 was published May 24, 2022
Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an...
Moderate | Unreviewed | CVE-2021-34757 was published May 24, 2022
Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in Security mode 5 without an...
Moderate | Unreviewed | CVE-2021-34571 was published May 24, 2022
Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt...
Moderate | Unreviewed | CVE-2021-36234 was published May 24, 2022
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials,...
Moderate | Unreviewed | CVE-2021-29728 was published May 24, 2022
Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7...
Moderate | Unreviewed | CVE-2021-27503 was published May 24, 2022
IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or...
Moderate | Unreviewed | CVE-2021-20537 was published May 24, 2022
Multiple vulnerabilities in the web-based management interface of Cisco Business Process...
Moderate | Unreviewed | CVE-2021-1576 was published May 24, 2022
ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in...
Moderate | Unreviewed | CVE-2021-27481 was published May 24, 2022
An issue was discovered on Enphase Envoy R3.x and D4.x devices. There are hardcoded web-panel...
Moderate | Unreviewed | CVE-2020-25752 was published May 24, 2022
A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a...
Moderate | Unreviewed | CVE-2021-3565 was published May 24, 2022
A security vulnerability in HPE Unified Data Management (UDM) could allow the local disclosure of...
Moderate | Unreviewed | CVE-2021-26579 was published May 24, 2022
The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded API key, used to...
Moderate | Unreviewed | CVE-2020-35137 was published May 24, 2022
Use of hard-coded key in the BMC firmware for some Intel(R) Server Boards, Server Systems and...
Moderate | Unreviewed | CVE-2020-12376 was published May 24, 2022
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a hard-coded physician PIN...
Moderate | Unreviewed | CVE-2020-27256 was published May 24, 2022
A vulnerability has been identified in SCALANCE X-300 switch family (incl. X408 and SIPLUS NET...
Moderate | Unreviewed | CVE-2020-28395 was published May 24, 2022