Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

29 advisories

Loading
A vulnerability has been identified in LOGO!8 BM (All versions). Project data stored on the... High Unreviewed
CVE-2019-10920 was published May 24, 2022
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3),... High Unreviewed
CVE-2020-25234 was published May 24, 2022
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3).... High Unreviewed
CVE-2020-25229 was published May 24, 2022
A vulnerability has been identified in Siveillance Video Open Network Bridge (2020 R3),... High Unreviewed
CVE-2021-27392 was published May 24, 2022
The affected product uses a hard-coded blowfish key for encryption/decryption processes. The key... High Unreviewed
CVE-2021-38461 was published May 24, 2022
Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, and 2.6, use hard-coded... High Unreviewed
CVE-2021-43587 was published Dec 22, 2021
The default cloud-init configuration, in cloud-init 0.6.2 and newer, included "ssh_deletekeys: 0"... High Unreviewed
CVE-2018-10896 was published May 13, 2022
Akuvox E11 uses a hard-coded cryptographic key, which could allow an attacker to decrypt... High Unreviewed
CVE-2023-0355 was published Mar 13, 2023
Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions... High Unreviewed
CVE-2022-29827 was published Nov 25, 2022
Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions... High Unreviewed
CVE-2022-29829 was published Nov 25, 2022
Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions... High Unreviewed
CVE-2022-29828 was published Nov 25, 2022
Symmetric encryption used to protect messages between the AppsAnywhere server and client can be... High Unreviewed
CVE-2023-41137 was published Nov 9, 2023
Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate... High Unreviewed
CVE-2023-40464 was published Dec 5, 2023
A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco... High Unreviewed
CVE-2022-20868 was published Nov 4, 2022
A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an... High Unreviewed
CVE-2023-20038 was published Jan 20, 2023
Rockwell Automation's FactoryTalk System Services uses a hard-coded cryptographic key to... High Unreviewed
CVE-2023-2637 was published Jun 13, 2023
The User Registration plugin for WordPress is vulnerable to Sensitive Information Exposure due to... High Unreviewed
CVE-2023-3371 was published Jun 27, 2023
Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS, SonicWall Analytics. This... High Unreviewed
CVE-2023-34123 was published Jul 13, 2023
Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key... High Unreviewed
CVE-2023-43637 was published Sep 21, 2023
Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a... High Unreviewed
CVE-2022-2660 was published Dec 14, 2022
The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native... High Unreviewed
CVE-2024-30407 was published Apr 12, 2024
Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptograhic Key Information Disclosure... High Unreviewed
CVE-2023-39465 was published May 3, 2024
The devices which CyberPower PowerPanel manages use identical certificates based on a hard-coded... High Unreviewed
CVE-2024-31410 was published May 15, 2024
Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP... High Unreviewed
CVE-2024-33891 was published Apr 29, 2024
A vulnerability in Cisco Intelligent Node (iNode) Software could allow an unauthenticated, remote... High Unreviewed
CVE-2024-20323 was published Jul 17, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database