Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,373
Erlang
33
GitHub Actions
22
Go
2,135
Maven
5,000+
npm
3,797
NuGet
687
pip
3,478
Pub
12
RubyGems
896
Rust
897
Swift
38
Unreviewed advisories
All unreviewed
5,000+

447 advisories

Loading
The vulnerability allows a remote attacker to authenticate to the web application with high... High Unreviewed
CVE-2023-48250 was published Jan 10, 2024
An issue in Automatic Systems SOC FL9600 FastLine v.lego_T04E00 allows a remote attacker to... High Unreviewed
CVE-2023-37608 was published Jan 3, 2024
When installing the Net2 software a root certificate is installed into the trusted store. A... High Unreviewed
CVE-2023-43870 was published Dec 19, 2023
Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login... High Unreviewed
CVE-2023-36651 was published Dec 12, 2023
A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion... High Unreviewed
CVE-2023-36647 was published Dec 12, 2023
The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard... High Unreviewed
CVE-2023-33413 was published Dec 7, 2023
When configured in debugging mode by an authenticated user with administrative... High Unreviewed
CVE-2023-40463 was published Dec 5, 2023
Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate... High Unreviewed
CVE-2023-40464 was published Dec 5, 2023
Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT... High Unreviewed
CVE-2023-47315 was published Nov 22, 2023
SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. This... High Unreviewed
CVE-2023-48055 was published Nov 16, 2023
Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES... High Unreviewed
CVE-2023-48053 was published Nov 16, 2023
Dell ELab-Navigator, version 3.1.9 contains a hard-coded credential vulnerability. A local... High Unreviewed
CVE-2023-44296 was published Nov 16, 2023
Symmetric encryption used to protect messages between the AppsAnywhere server and client can be... High Unreviewed
CVE-2023-41137 was published Nov 9, 2023
Dromara Lamp-Cloud Use of Hard-coded Cryptographic Key High
CVE-2023-31579 was published for top.tangyh.basic:lamp-core (Maven) Nov 3, 2023
The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker to... High Unreviewed
CVE-2023-46102 was published Oct 25, 2023
The vulnerability allows an unprivileged (untrusted) third- party application to arbitrary modify... High Unreviewed
CVE-2023-41372 was published Oct 25, 2023
The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk... High Unreviewed
CVE-2023-26219 was published Oct 25, 2023
SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function. High Unreviewed
CVE-2023-41713 was published Oct 18, 2023
The BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5-debug-sshd containers... High Unreviewed
CVE-2023-45226 was published Oct 10, 2023
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11 (only... High Unreviewed
CVE-2023-36380 was published Oct 10, 2023
All versions of NetMan 204 allow an attacker that knows the MAC and serial number of the device... High Unreviewed
CVE-2022-47891 was published Oct 3, 2023
Vulnerability in the Elasticsearch database used in the of Cisco SD-WAN vManage software could... High Unreviewed
CVE-2023-20034 was published Sep 27, 2023
Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key... High Unreviewed
CVE-2023-43637 was published Sep 21, 2023
Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard-coded passwords. One... High Unreviewed
CVE-2023-31808 was published Sep 19, 2023
An issue in xui-xray v1.8.3 allows attackers to obtain sensitive information via default password. High Unreviewed
CVE-2023-41595 was published Sep 18, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database