GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
156 advisories
Filter by severity
Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded credentials, which may allow a...
Moderate
Unreviewed
CVE-2024-23453
was published
Jan 24, 2024
Use of encryption key derived from static information in Synaptics Fingerprint Driver allows
an...
Moderate
Unreviewed
CVE-2023-6482
was published
Jan 27, 2024
Flient Smart Door Lock v1.0 is vulnerable to Use of Default Credentials. Due to default...
Moderate
Unreviewed
CVE-2023-50124
was published
Jan 11, 2024
Phlox com.phlox.simpleserver (aka Simple HTTP Server) 1.8 and com.phlox.simpleserver.plus (aka...
Moderate
Unreviewed
CVE-2023-46919
was published
Dec 27, 2023
Phlox com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus has an Android...
Moderate
Unreviewed
CVE-2023-46918
was published
Dec 28, 2023
An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses...
Moderate
Unreviewed
CVE-2023-49228
was published
Dec 28, 2023
The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded...
Moderate
Unreviewed
CVE-2023-28897
was published
Jan 12, 2024
IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or...
Moderate
Unreviewed
CVE-2023-50948
was published
Jan 8, 2024
In Pexip VMR self-service portal before 3, the same SSH host key is used across different...
Moderate
Unreviewed
CVE-2023-40236
was published
Dec 25, 2023
VR-S1000 firmware Ver. 2.37 and earlier uses a hard-coded cryptographic key which may allow an...
Moderate
Unreviewed
CVE-2023-46711
was published
Dec 26, 2023
IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or...
Moderate
Unreviewed
CVE-2023-47704
was published
Dec 20, 2023
SmartStar Software CWS is a web-base integration platform, it has a vulnerability of using a hard...
Moderate
Unreviewed
CVE-2023-48374
was published
Dec 15, 2023
The FACSChorus software contains sensitive information stored in plaintext. A threat actor could...
Moderate
Unreviewed
CVE-2023-29064
was published
Nov 28, 2023
A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 -...
Moderate
Unreviewed
CVE-2023-40719
was published
Nov 14, 2023
A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7...
Moderate
Unreviewed
CVE-2023-33304
was published
Nov 14, 2023
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated,...
Moderate
Unreviewed
CVE-2023-37858
was published
Aug 9, 2023
Hard-coded credentials in Juplink RX4-1500 versions V1.0.2 through V1.0.5 allow unauthenticated...
Moderate
Unreviewed
CVE-2023-41030
was published
Sep 18, 2023
A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects...
Moderate
Unreviewed
CVE-2023-3237
was published
Jun 14, 2023
Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials,...
Moderate
Unreviewed
CVE-2021-35232
was published
Dec 28, 2021
An information disclosure vulnerability exists in the router configuration export functionality...
Moderate
Unreviewed
CVE-2022-26020
was published
May 13, 2022
A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage...
Moderate
Unreviewed
CVE-2021-42849
was published
May 19, 2022
The ABB HMI components implement hidden administrative accounts that are used during the...
Moderate
Unreviewed
CVE-2019-7225
was published
May 24, 2022
The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded API key, used to...
Moderate
Unreviewed
CVE-2020-35137
was published
May 24, 2022
Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs ...
Moderate
Unreviewed
CVE-2022-34386
was published
Feb 11, 2023
PowerPath Management Appliance with versions 3.3 & 3.2* contains a Hardcoded Cryptographic Keys...
Moderate
Unreviewed
CVE-2022-34449
was published
Feb 11, 2023
ProTip!
Advisories are also available from the
GraphQL API