GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,339
Composer 4,133
Erlang 29
GitHub Actions 19
Go 1,940
Maven 5,135
npm 3,677
NuGet 645
pip 3,295
Pub 11
RubyGems 877
Rust 830
Swift 35

Unreviewed advisories

All unreviewed 230,851

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

522 advisories

Filter by severity

Sort by

Least recently updated

AMI MegaRAC Redfish Arbitrary Code Execution Critical Unreviewed

CVE-2022-40259 was published Dec 6, 2022

MegaRAC Default Credentials Vulnerability Critical Unreviewed

CVE-2022-40242 was published Dec 6, 2022

When aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server.... Critical Unreviewed

CVE-2022-38337 was published Dec 6, 2022

Sanitization Management System v1.0 was discovered to contain hardcoded credentials which allows... Critical Unreviewed

CVE-2022-44096 was published Nov 30, 2022

Book Store Management System v1.0 was discovered to contain hardcoded credentials which allows... Critical Unreviewed

CVE-2022-44097 was published Nov 30, 2022

A specific file on the sERP server if Kyungrinara(ERP solution) has a fixed password with the... Critical Unreviewed

CVE-2022-41157 was published Nov 25, 2022

Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions... Critical Unreviewed

CVE-2022-29830 was published Nov 25, 2022

A flaw in the Zyxel LTE3301-M209 firmware verisons prior to V1.00(ABLG.6)C0 could allow a remote... Critical Unreviewed

CVE-2022-40602 was published Nov 22, 2022

An authentication bypass vulnerability exists in the web interface /action/factory* functionality... Critical Unreviewed

CVE-2022-29477 was published Oct 25, 2022

A hard-coded password vulnerability exists in the telnet functionality of Abode Systems, Inc.... Critical Unreviewed

CVE-2022-29889 was published Oct 25, 2022

go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key. Critical Unreviewed

CVE-2022-42980 was published Oct 17, 2022

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote,... Critical Unreviewed

CVE-2022-22522 was published Sep 29, 2022

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote,... Critical Unreviewed

CVE-2022-28812 was published Sep 29, 2022

In TOTOLINK T6 V4.1.5cu.709_B20210518, there is a hard coded password for root in /etc/shadow... Critical Unreviewed

CVE-2022-38823 was published Sep 17, 2022

Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to... Critical Unreviewed

CVE-2022-3214 was published Sep 17, 2022

WAPPLES through 6.0 has a hardcoded systemi account accessible via db/wp.no1 (as configured in... Critical Unreviewed

CVE-2022-35413 was published Sep 14, 2022

Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions... Critical Unreviewed

CVE-2022-38394 was published Sep 9, 2022

In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the shadow.sample file, root is... Critical Unreviewed

CVE-2022-40111 was published Sep 7, 2022

Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config... Critical Unreviewed

CVE-2022-36672 was published Sep 2, 2022

Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056,... Critical Unreviewed

CVE-2022-30318 was published Sep 1, 2022

Le-yan Personnel and Salary Management System has hard-coded database account and password within... Critical Unreviewed

CVE-2022-38116 was published Aug 31, 2022

Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain multiple hard-coded... Critical Unreviewed

CVE-2022-36560 was published Aug 30, 2022

Seiko SkyBridge MB-A100/A110 v4.2.0 and below implements a hard-coded passcode for the root... Critical Unreviewed

CVE-2022-36558 was published Aug 30, 2022

D-Link DIR845L v1.00-v1.03 contains a Static Default Credential vulnerability in /etc/init0.d... Critical Unreviewed

CVE-2022-38557 was published Aug 29, 2022

Trendnet TEW733GR v1.03B01 contains a Static Default Credential vulnerability in /etc/init0.d... Critical Unreviewed

CVE-2022-38556 was published Aug 29, 2022

Previous 1 2 3 4 5 6 7 8 … 20 21 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

522 advisories