GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
522 advisories
AMI MegaRAC Redfish Arbitrary Code Execution
Critical · Unreviewed · CVE-2022-40259 was published Dec 6, 2022

MegaRAC Default Credentials Vulnerability
Critical · Unreviewed · CVE-2022-40242 was published Dec 6, 2022

When aborting an SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server....
Critical · Unreviewed · CVE-2022-38337 was published Dec 6, 2022

Sanitization Management System v1.0 was discovered to contain hardcoded credentials which allows...
Critical · Unreviewed · CVE-2022-44096 was published Nov 30, 2022

Book Store Management System v1.0 was discovered to contain hardcoded credentials which allows...
Critical · Unreviewed · CVE-2022-44097 was published Nov 30, 2022

A specific file on the sERP server of Kyungrinara (ERP solution) has a fixed password with the...
Critical · Unreviewed · CVE-2022-41157 was published Nov 25, 2022

Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions...
Critical · Unreviewed · CVE-2022-29830 was published Nov 25, 2022

A flaw in the Zyxel LTE3301-M209 firmware versions prior to V1.00(ABLG.6)C0 could allow a remote...
Critical · Unreviewed · CVE-2022-40602 was published Nov 22, 2022

An authentication bypass vulnerability exists in the web interface /action/factory* functionality...
Critical · Unreviewed · CVE-2022-29477 was published Oct 25, 2022

A hard-coded password vulnerability exists in the telnet functionality of Abode Systems, Inc....
Critical · Unreviewed · CVE-2022-29889 was published Oct 25, 2022

go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key.
Critical · Unreviewed · CVE-2022-42980 was published Oct 17, 2022

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote,...
Critical · Unreviewed · CVE-2022-22522 was published Sep 29, 2022

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote,...
Critical · Unreviewed · CVE-2022-28812 was published Sep 29, 2022

In TOTOLINK T6 V4.1.5cu.709_B20210518, there is a hard coded password for root in /etc/shadow...
Critical · Unreviewed · CVE-2022-38823 was published Sep 17, 2022

Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to...
Critical · Unreviewed · CVE-2022-3214 was published Sep 17, 2022

WAPPLES through 6.0 has a hardcoded systemi account accessible via db/wp.no1 (as configured in...
Critical · Unreviewed · CVE-2022-35413 was published Sep 14, 2022

Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions...
Critical · Unreviewed · CVE-2022-38394 was published Sep 9, 2022

In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the shadow.sample file, root is...
Critical · Unreviewed · CVE-2022-40111 was published Sep 7, 2022

Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config...
Critical · Unreviewed · CVE-2022-36672 was published Sep 2, 2022

Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056,...
Critical · Unreviewed · CVE-2022-30318 was published Sep 1, 2022

Le-yan Personnel and Salary Management System has hard-coded database account and password within...
Critical · Unreviewed · CVE-2022-38116 was published Aug 31, 2022

Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain multiple hard-coded...
Critical · Unreviewed · CVE-2022-36560 was published Aug 30, 2022

Seiko SkyBridge MB-A100/A110 v4.2.0 and below implements a hard-coded passcode for the root...
Critical · Unreviewed · CVE-2022-36558 was published Aug 30, 2022

D-Link DIR845L v1.00-v1.03 contains a Static Default Credential vulnerability in /etc/init0.d...
Critical · Unreviewed · CVE-2022-38557 was published Aug 29, 2022

Trendnet TEW733GR v1.03B01 contains a Static Default Credential vulnerability in /etc/init0.d...
Critical · Unreviewed · CVE-2022-38556 was published Aug 29, 2022
ProTip! Advisories are also available from the GraphQL API.