GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,184
Composer 4,340
Erlang 31
GitHub Actions 22
Go 2,101
Maven 5,279
npm 3,764
NuGet 679
pip 3,451
Pub 12
RubyGems 892
Rust 885
Swift 37

Unreviewed advisories

All unreviewed 242,925

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

554 advisories

Filter by severity

Sort by

Least recently updated

A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiEDR versions 5.0.2, 5.0.1,... Critical Unreviewed

CVE-2022-23441 was published Apr 7, 2022

An authentication bypass vulnerability exists in the device password generation functionality of... Critical Unreviewed

CVE-2021-40422 was published Apr 15, 2022

An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView... Critical Unreviewed

CVE-2021-40390 was published Apr 15, 2022

In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender... Critical Unreviewed

CVE-2021-34601 was published Apr 28, 2022

An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. There is a default password of... Critical Unreviewed

CVE-2009-5154 was published May 2, 2022

** UNSUPPORTED WHEN ASSIGNED ** QNAP F_VioCard 2312 and F_VioGate 2308 have hardcoded entries in... Critical Unreviewed

CVE-2013-6276 was published May 5, 2022

IBM Spectrum Virtualize 8.2, 8.3, and 8.4 could allow an attacker to allow unauthorized access... Critical Unreviewed

CVE-2021-38969 was published May 12, 2022

Hard-coded FTP credentials (r:r) are included in the Foscam C1 running firmware 1.9.1.12.... Critical Unreviewed

CVE-2016-8731 was published May 13, 2022

An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless... Critical Unreviewed

CVE-2016-8717 was published May 13, 2022

An exploitable unsafe default configuration vulnerability exists in the TURN server function of... Critical Unreviewed

CVE-2018-4059 was published May 13, 2022

Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3... Critical Unreviewed

CVE-2017-7574 was published May 13, 2022

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions... Critical Unreviewed

CVE-2018-7229 was published May 13, 2022

EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R for SAS Solution Packs (EMC ViPR SRM prior to... Critical Unreviewed

CVE-2017-8011 was published May 13, 2022

DragonWave Horizon 1.01.03 wireless radios have hardcoded login credentials (such as the username... Critical Unreviewed

CVE-2017-7576 was published May 13, 2022

iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an... Critical Unreviewed

CVE-2017-6558 was published May 13, 2022

MaLion for Windows and Mac versions 3.2.1 to 5.2.1 uses a hardcoded cryptographic key which may... Critical Unreviewed

CVE-2017-10818 was published May 13, 2022

Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have... Critical Unreviewed

CVE-2016-10307 was published May 13, 2022

Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= 3.2.0, Giga <= 2.6.1, GigaLynx... Critical Unreviewed

CVE-2016-10305 was published May 13, 2022

An issue was discovered on the D-Link DWR-932B router. Undocumented TELNET and SSH services... Critical Unreviewed

CVE-2016-10177 was published May 13, 2022

atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin... Critical Unreviewed

CVE-2018-18007 was published May 13, 2022

D-Link DIR-620 devices, with a certain Rostelekom variant of firmware 1.0.37, have a hardcoded... Critical Unreviewed

CVE-2018-6210 was published May 13, 2022

dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to... Critical Unreviewed

CVE-2018-18009 was published May 13, 2022

General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5... Critical Unreviewed

CVE-2016-2310 was published May 13, 2022

Hard-coded credentials in AmosConnect 8 allow remote attackers to gain full administrative... Critical Unreviewed

CVE-2017-3222 was published May 13, 2022

A vulnerability in the Cisco Common Services Platform Collector (CSPC) could allow an... Critical Unreviewed

CVE-2019-1723 was published May 13, 2022

Previous 1 2 3 4 5 … 22 23 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

554 advisories