GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,144
Composer 4,333
Erlang 31
GitHub Actions 22
Go 2,095
Maven 5,265
npm 3,760
NuGet 678
pip 3,446
Pub 12
RubyGems 892
Rust 882
Swift 37

Unreviewed advisories

All unreviewed 242,550

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

1,150 advisories

Filter by severity

Sort by

Least recently updated

ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model... High Unreviewed

CVE-2024-11147 was published Jan 23, 2025

Flawed token generation implementation & Hard-coded key implementation Moderate Unreviewed

CVE-2024-55927 was published Jan 23, 2025

Hard-coded credentials were included as part of the application binary. These credentials served... Low Unreviewed

CVE-2024-45832 was published Jan 17, 2025

An issue in the AsDB service of HI-SCAN 6040i Hitrax HX-03-19-I allows attackers to enumerate... High Unreviewed

CVE-2024-48125 was published Jan 15, 2025

HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain hardcoded credentials for access to... Critical Unreviewed

CVE-2024-48126 was published Jan 15, 2025

IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 is vulnerable to exposure... Moderate Unreviewed

CVE-2024-28778 was published Jan 7, 2025

Use of a hard-coded password for a database administrator account created during Wapro ERP... Critical Unreviewed

CVE-2024-4996 was published Dec 18, 2024

ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardcoded key for symmetric... Critical Unreviewed

CVE-2024-55557 was published Dec 16, 2024

The application uses several hard-coded credentials to encrypt config files during backup, to... High Unreviewed

CVE-2024-28146 was published Dec 12, 2024

Ubiquiti U7-Pro 7.0.35 was discovered to contain a hardcoded password vulnerability in /etc... High Unreviewed

CVE-2024-54749 was published Dec 6, 2024

Ubiquiti U6-LR 6.6.65 was discovered to contain a hardcoded password vulnerability in /etc/shadow... Critical Unreviewed

CVE-2024-54750 was published Dec 6, 2024

A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions... Moderate Unreviewed

CVE-2024-45319 was published Dec 5, 2024

A hardcoded decryption key in Thinkware Cloud APK v4.3.46 allows attackers to access sensitive... Moderate Unreviewed

CVE-2024-53614 was published Dec 4, 2024

IBM Cognos Controller 11.0.0 and 11.0.1 contains hard-coded credentials, such as a... High Unreviewed

CVE-2024-41777 was published Dec 3, 2024

Ever Traduora 0.20.0 and below is vulnerable to Privilege Escalation due to the use of a hard... Critical Unreviewed

CVE-2024-53484 was published Dec 2, 2024

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials,... Critical Unreviewed

CVE-2024-49805 was published Nov 29, 2024

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials,... Critical Unreviewed

CVE-2024-49806 was published Nov 29, 2024

There are several hidden accounts. Some of them are intended for maintenance engineers, and with... Critical Unreviewed

CVE-2024-35244 was published Nov 26, 2024

API keys for some cloud services are hardcoded in the "main" binary. As for the details of... Critical Unreviewed

CVE-2024-36248 was published Nov 26, 2024

Allegra Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows... Critical Unreviewed

CVE-2023-51638 was published Nov 22, 2024

The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is... Critical Unreviewed

CVE-2024-42450 was published Nov 19, 2024

Tenda W30E v2.0 V16.01.0.8 was discovered to contain a hardcoded password vulnerability in ... High Unreviewed

CVE-2024-52789 was published Nov 19, 2024

Tenda W9 v1.0.0.7(4456) was discovered to contain a hardcoded password vulnerability in /etc_ro... High Unreviewed

CVE-2024-52788 was published Nov 19, 2024

Azure Stack HCI Elevation of Privilege Vulnerability High Unreviewed

CVE-2024-49060 was published Nov 15, 2024

The Clinician Password and Serial Number Clinician Password are hard-coded into the ventilator in... Critical Unreviewed

CVE-2024-48971 was published Nov 15, 2024

Previous 1 2 3 4 5 … 45 46 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

1,150 advisories