Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,373
Erlang
33
GitHub Actions
22
Go
2,135
Maven
5,000+
npm
3,797
NuGet
687
pip
3,478
Pub
12
RubyGems
896
Rust
897
Swift
38
Unreviewed advisories
All unreviewed
5,000+

560 advisories

Loading
Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive... Critical Unreviewed
CVE-2024-3699 was published Jun 10, 2024
TOTOLINK CP300 V2.0.4-B20201102 was discovered to contain a hardcoded password vulnerability in ... Critical Unreviewed
CVE-2024-36782 was published Jun 3, 2024
Hard-coded credentials are used by the  CyberPower PowerPanel platform to authenticate to the ... Critical Unreviewed
CVE-2024-32053 was published May 15, 2024
Weak account password in GE HealthCare EchoPAC products Critical Unreviewed
CVE-2024-27107 was published May 14, 2024
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device... Critical Unreviewed
CVE-2024-32740 was published May 14, 2024
D-Link D-View InstallApplication Use of Hard-coded Credentials Authentication Bypass... Critical Unreviewed
CVE-2023-44411 was published May 3, 2024
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been... Critical Unreviewed
CVE-2024-3272 was published Apr 4, 2024
Use of Hard-coded Credentials in Kiloview NDI allows un-authenticated users to bypass... Critical Unreviewed
CVE-2024-2161 was published Mar 21, 2024
Chirp Access improperly stores credentials within its source code, potentially exposing... Critical Unreviewed
CVE-2024-2197 was published Mar 20, 2024
INPRAX "iZZi connect" application on Android contains hard-coded MQTT queue credentials. The same... Critical Unreviewed
CVE-2024-0390 was published Feb 15, 2024
A vulnerability has been identified in Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0)... Critical Unreviewed
CVE-2024-23816 was published Feb 13, 2024
An issue in SCHUHFRIED v.8.22.00 allows remote attacker to obtain the database password via... Critical Unreviewed
CVE-2023-38995 was published Feb 7, 2024
D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account... Critical Unreviewed
CVE-2024-22853 was published Feb 6, 2024
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the product uses hard-coded... Critical Unreviewed
CVE-2024-21764 was published Feb 2, 2024
Multiple MachineSense devices have credentials unable to be changed by the user or... Critical Unreviewed
CVE-2023-46706 was published Feb 2, 2024
TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root... Critical Unreviewed
CVE-2024-24324 was published Jan 30, 2024
DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key. Critical Unreviewed
CVE-2023-51840 was published Jan 29, 2024
A hardcoded credential vulnerability exists in IBM Merge Healthcare eFilm Workstation. A remote,... Critical Unreviewed
CVE-2024-23619 was published Jan 26, 2024
An issue in the default configurations of ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION... Critical Unreviewed
CVE-2023-51200 was published Jan 23, 2024
Hard-coded credentials in org.folio:mod-data-export-spring Critical
CVE-2024-23687 was published for org.folio:mod-data-export-spring (Maven) Jan 20, 2024
EverShop at risk to unauthorized access via weak HMAC secret Critical
CVE-2023-46943 was published for @evershop/evershop (npm) Jan 13, 2024
Root user password is hardcoded into the device and cannot be changed in the user interface. Critical Unreviewed
CVE-2023-49253 was published Jan 12, 2024
Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard... Critical Unreviewed
CVE-2023-48392 was published Dec 15, 2023
Multisuns EasyLog web+ has a vulnerability of using hard-coded credentials. An remote attacker... Critical Unreviewed
CVE-2023-48388 was published Dec 15, 2023
NETSCOUT nGeniusPULSE 3.8 has a Hardcoded Cryptographic Key. Critical Unreviewed
CVE-2023-40300 was published Dec 7, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database