Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,373
Erlang
33
GitHub Actions
22
Go
2,135
Maven
5,000+
npm
3,797
NuGet
687
pip
3,478
Pub
12
RubyGems
896
Rust
897
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,208 advisories

Loading
In Pexip VMR self-service portal before 3, the same SSH host key is used across different... Moderate Unreviewed
CVE-2023-40236 was published Dec 25, 2023
VR-S1000 firmware Ver. 2.37 and earlier uses a hard-coded cryptographic key which may allow an... Moderate Unreviewed
CVE-2023-46711 was published Dec 26, 2023
Phlox com.phlox.simpleserver (aka Simple HTTP Server) 1.8 and com.phlox.simpleserver.plus (aka... Moderate Unreviewed
CVE-2023-46919 was published Dec 27, 2023
Phlox com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus has an Android... Moderate Unreviewed
CVE-2023-46918 was published Dec 28, 2023
An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses... Moderate Unreviewed
CVE-2023-49228 was published Dec 28, 2023
An issue in Automatic Systems SOC FL9600 FastLine v.lego_T04E00 allows a remote attacker to... High Unreviewed
CVE-2023-37608 was published Jan 3, 2024
IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or... Moderate Unreviewed
CVE-2023-50948 was published Jan 8, 2024
Apprite CLI makes Use of Hard-coded Credentials Moderate
CVE-2023-50974 was published for appwrite (npm) Jan 9, 2024
The vulnerability allows a remote attacker to authenticate to the web application with high... High Unreviewed
CVE-2023-48250 was published Jan 10, 2024
The vulnerability allows a remote attacker to authenticate to the SSH service with root... High Unreviewed
CVE-2023-48251 was published Jan 10, 2024
Flient Smart Door Lock v1.0 is vulnerable to Use of Default Credentials. Due to default... Moderate Unreviewed
CVE-2023-50124 was published Jan 11, 2024
Root user password is hardcoded into the device and cannot be changed in the user interface. Critical Unreviewed
CVE-2023-49253 was published Jan 12, 2024
It is possible to download the configuration backup without authorization and decrypt included... High Unreviewed
CVE-2023-49256 was published Jan 12, 2024
The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded... Moderate Unreviewed
CVE-2023-28897 was published Jan 12, 2024
EverShop at risk to unauthorized access via weak HMAC secret Critical
CVE-2023-46943 was published for @evershop/evershop (npm) Jan 13, 2024
Hard-coded credentials in org.folio:mod-remote-storage Moderate
CVE-2024-23685 was published for org.folio:mod-remote-storage (Maven) Jan 19, 2024
Hard-coded credentials in org.folio:mod-data-export-spring Critical
CVE-2024-23687 was published for org.folio:mod-data-export-spring (Maven) Jan 20, 2024
Ubee DDW365 XCNDDW365 and DDW366 XCNDXW3WB devices have predictable default WPA2 PSKs that could... High Unreviewed
CVE-2024-23726 was published Jan 21, 2024
Improper Input Validation in Hitron Systems DVR HVR-4781 1.03~4.02 allows an attacker to cause... High Unreviewed
CVE-2024-22768 was published Jan 23, 2024
Improper Input Validation in Hitron Systems DVR LGUVR-8H 1.02~4.02 allows an attacker to cause... High Unreviewed
CVE-2024-22772 was published Jan 23, 2024
Improper Input Validation in Hitron Systems DVR HVR-8781 1.03~4.02 allows an attacker to cause... High Unreviewed
CVE-2024-22769 was published Jan 23, 2024
Improper Input Validation in Hitron Systems DVR HVR-16781 1.03~4.02 allows an attacker to cause... High Unreviewed
CVE-2024-22770 was published Jan 23, 2024
Improper Input Validation in Hitron Systems DVR LGUVR-4H 1.02~4.02 allows an attacker to cause... High Unreviewed
CVE-2024-22771 was published Jan 23, 2024
Improper Input Validation in Hitron Systems DVR LGUVR-16H 1.02~4.02 allows an attacker to cause... High Unreviewed
CVE-2024-23842 was published Jan 23, 2024
An issue in the default configurations of ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION... Critical Unreviewed
CVE-2023-51200 was published Jan 23, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database