Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

32 advisories

Loading
Hard-Coded Key Used For Remember-me Token in Opencast Moderate
CVE-2020-5222 was published for org.opencastproject:opencast-kernel (Maven) Jan 30, 2020
LukasKalbertodt
Hard coded cryptographic key in Kiali High
CVE-2020-1764 was published for github.com/kiali/kiali (Go) May 18, 2021
Use of Hard-coded Credentials in Apache Kylin High
CVE-2021-45458 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
Incorrect handling of credential expiry by /nats-io/nats-server Critical
CVE-2020-26892 was published for github.com/nats-io/jwt (Go) Feb 11, 2022
Use of Hard-coded Cryptographic Key in Netmaker High
CVE-2022-23650 was published for github.com/gravitl/netmaker (Go) Feb 22, 2022
JamieSlome MrSuicideParrot
Hard coded credentials in FreeTAKServer High
CVE-2022-25510 was published for FreeTAKServer (pip) Mar 12, 2022
web2py remote code execution via hardcoded encryption key in session.connect function Critical
CVE-2016-3953 was published for web2py (pip) May 14, 2022
Django user with hardcoded password created when running tests on Oracle Critical
CVE-2016-9013 was published for Django (pip) May 17, 2022
MarkLee131
Katello uses hard coded credential Critical
CVE-2012-3503 was published for katello (RubyGems) May 17, 2022
postmodern
keycloak vulnerable to unauthorized login via mail server setup Critical
CVE-2019-14837 was published for org.keycloak:keycloak-core (Maven) May 24, 2022
jhutchings1
ThinkAdmin Admin Panel Access using Default Credentials High
CVE-2020-35296 was published for zoujingli/thinkadmin (Composer) May 24, 2022
AdaptiveScale LXDUI Hardcoded JWT Secret Key Critical
CVE-2021-40494 was published for lxdui (pip) May 24, 2022
Use of Hard-coded Credentials in Nacos High
CVE-2021-43116 was published for com.alibaba.nacos:nacos-client (Maven) Jul 6, 2022
Use of Hard-coded Credentials in AgileConfig.Client Critical
CVE-2022-35540 was published for AgileConfig.Client (NuGet) Aug 19, 2022
FlyteAdmin's Default OAuth Authorization Server secret must be rotated High
CVE-2022-39273 was published for github.com/flyteorg/flyteadmin (Go) Oct 5, 2022
KubePi allows malicious actor to login with a forged JWT token via Hardcoded Jwtsigkeys Critical
CVE-2023-22463 was published for github.com/KubeOperator/kubepi (Go) Jan 6, 2023
Update share links to use FRP instead of SSH tunneling Moderate
CVE-2023-25823 was published for gradio (pip) Feb 23, 2023
gregsadetsky samueltc
Easy!Appointments uses hard-coded credentials Critical
CVE-2023-1269 was published for alextselegidis/easyappointments (Composer) Mar 8, 2023
@nuxtlabs/github-module made Use of Hard-coded Credentials Critical
CVE-2023-2138 was published for @nuxtlabs/github-module (npm) Apr 18, 2023
Netmaker has Hardcoded DNS Secret Key High
CVE-2023-32077 was published for github.com/gravitl/netmaker (Go) Aug 25, 2023
rootxharsh iamnoooob
Microweber uses hard coded credentials Moderate
CVE-2023-5318 was published for microweber/microweber (Composer) Sep 30, 2023
Sureness uses hardcoded key Critical
CVE-2023-31581 was published for com.usthe.sureness:sureness-core (Maven) Oct 25, 2023
Dromara Lamp-Cloud Use of Hard-coded Cryptographic Key High
CVE-2023-31579 was published for top.tangyh.basic:lamp-core (Maven) Nov 3, 2023
Apprite CLI makes Use of Hard-coded Credentials Moderate
CVE-2023-50974 was published for appwrite (npm) Jan 9, 2024
EverShop at risk to unauthorized access via weak HMAC secret High
CVE-2023-46943 was published for @evershop/evershop (npm) Jan 13, 2024
ProTip! Advisories are also available from the GraphQL API