GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,339
Composer 4,133
Erlang 29
GitHub Actions 19
Go 1,940
Maven 5,135
npm 3,677
NuGet 645
pip 3,295
Pub 11
RubyGems 877
Rust 830
Swift 35

Unreviewed advisories

All unreviewed 230,840

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

1,103 advisories

Filter by severity

Sort by

Least recently updated

IBM SiteProtector Appliance 3.1.1 contains hard-coded credentials, such as a password or... Critical Unreviewed

CVE-2020-4150 was published Jul 12, 2022

A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and lower versions allows a... Critical Unreviewed

CVE-2017-7336 was published May 17, 2022

An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. There is Remote Code... Critical Unreviewed

CVE-2022-34005 was published Jun 20, 2022

An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Users... High Unreviewed

CVE-2017-5167 was published May 17, 2022

The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin"... Critical Unreviewed

CVE-2016-0726 was published May 17, 2022

The firmware of EDIMAX IC-3140W Version 3.11 is hardcoded with Administrator username and password. Critical Unreviewed

CVE-2021-40597 was published Jun 30, 2022

In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may... Critical Unreviewed

CVE-2017-6131 was published May 17, 2022

Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb has a default password of admin for... Critical Unreviewed

CVE-2017-9932 was published May 17, 2022

Gynoii has a password of guest for the backdoor guest account and a password of 12345 for the... Critical Unreviewed

CVE-2015-2881 was published May 17, 2022

iBaby M3S has a password of admin for the backdoor admin account. Critical Unreviewed

CVE-2015-2887 was published May 17, 2022

Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of ... Critical Unreviewed

CVE-2015-2882 was published May 17, 2022

libnx_apl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.02 implements a Backdoor... Critical Unreviewed

CVE-2022-32985 was published Jul 18, 2022

This vulnerability affects all of the company's products that also include the FW versions:... High Unreviewed

CVE-2022-30627 was published Jul 19, 2022

Wireless IP Camera (P2P) WIFICAM devices have a backdoor root account that can be accessed with... Critical Unreviewed

CVE-2017-8224 was published May 17, 2022

Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded... Critical Unreviewed

CVE-2022-34441 was published Jan 11, 2023

ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the... Critical Unreviewed

CVE-2016-1560 was published May 17, 2022

The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain... Critical Unreviewed

CVE-2016-8491 was published May 17, 2022

A hard-coded credentials issue was discovered on Mimosa Client Radios before 2.2.3, Mimosa... High Unreviewed

CVE-2017-9132 was published May 17, 2022

An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The... High Unreviewed

CVE-2016-8361 was published May 17, 2022

IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to... Critical Unreviewed

CVE-2016-8954 was published May 17, 2022

Huawei OceanStor 5600 V3 V300R003C00 has a hardcoded SSH key vulnerability; the hardcoded keys... High Unreviewed

CVE-2016-8754 was published May 17, 2022

Trango Altum AC600 devices have a built-in, hidden root account, with a default password of... Critical Unreviewed

CVE-2016-10306 was published May 17, 2022

D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of... Critical Unreviewed

CVE-2015-7246 was published May 17, 2022

The MiCODUS MV720 GPS tracker API server has an authentication mechanism that allows devices to... Critical Unreviewed

CVE-2022-2107 was published Jul 21, 2022

IBM QRadar Network Security 5.4.0 and 5.5.0 contains hard-coded credentials, such as a password... High Unreviewed

CVE-2020-4157 was published Jul 13, 2022

Previous 1 2 3 4 5 6 … 44 45 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

1,103 advisories