GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
409 advisories
Filter by severity
In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official...
High
Unreviewed
CVE-2021-46008
was published
Apr 1, 2022
A use of hard-coded cryptographic key vulnerability [CWE-321] in the registration mechanism of...
High
Unreviewed
CVE-2022-23440
was published
Apr 7, 2022
Taiwan Secom Dr.ID Access Control system’s login page has a hard-coded credential in the source...
High
Unreviewed
CVE-2022-26671
was published
Apr 8, 2022
A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance...
High
Unreviewed
CVE-2022-20773
was published
Apr 22, 2022
ASUS WebStorage has a hardcoded API Token in the APP source code. An unauthenticated remote...
High
Unreviewed
CVE-2022-26672
was published
Apr 23, 2022
Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap...
High
Unreviewed
CVE-2022-23942
was published
Apr 27, 2022
A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA...
High
Unreviewed
CVE-2022-29856
was published
Apr 30, 2022
The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known...
High
Unreviewed
CVE-2000-1139
was published
Apr 30, 2022
Arkeia Network Backup Client 5.x contains hard-coded credentials that effectively serve as a back...
High
Unreviewed
CVE-2005-0496
was published
May 1, 2022
admin.php in SmartSiteCMS 1.0 allows remote attackers to bypass authentication and gain...
High
Unreviewed
CVE-2006-7074
was published
May 1, 2022
The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with...
High
Unreviewed
CVE-2007-1063
was published
May 1, 2022
EMV DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to...
High
Unreviewed
CVE-2008-0961
was published
May 1, 2022
ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not...
High
Unreviewed
CVE-2008-1160
was published
May 1, 2022
Use of static encryption key material allows forging an authentication token to other users...
High
Unreviewed
CVE-2022-23724
was published
May 5, 2022
A hard-coded password vulnerability exists in the console infactory functionality of InHand...
High
Unreviewed
CVE-2022-27172
was published
May 13, 2022
Dell EMC Networking OS10 versions prior to 10.4.3 contain a cryptographic key vulnerability due...
High
Unreviewed
CVE-2019-3710
was published
May 13, 2022
An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. The tools/ping...
High
Unreviewed
CVE-2019-3497
was published
May 13, 2022
An issue was discovered on Wifi-soft UniBox controller 3.x devices. The tools/controller...
High
Unreviewed
CVE-2019-3496
was published
May 13, 2022
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough...
High
Unreviewed
CVE-2017-14115
was published
May 13, 2022
A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When...
High
Unreviewed
CVE-2018-10898
was published
May 13, 2022
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses...
High
Unreviewed
CVE-2019-7161
was published
May 13, 2022
An issue was discovered on the D-Link DWR-932B router. There is a hardcoded WPS PIN of 28296607.
High
Unreviewed
CVE-2016-10179
was published
May 13, 2022
A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation...
High
Unreviewed
CVE-2017-12239
was published
May 13, 2022
IBM Security Identity Manager 7.0.1 Virtual Appliance contains hard-coded credentials, such as a...
High
Unreviewed
CVE-2018-1959
was published
May 13, 2022
Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port...
High
Unreviewed
CVE-2019-3906
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API