Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,373
Erlang
33
GitHub Actions
22
Go
2,135
Maven
5,000+
npm
3,797
NuGet
687
pip
3,478
Pub
12
RubyGems
896
Rust
897
Swift
38
Unreviewed advisories
All unreviewed
5,000+

560 advisories

Loading
The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard... Critical Unreviewed
CVE-2022-41397 was published Apr 28, 2023
An issue was discovered in Fighting Cock Information System 1.0, which uses default credentials,... Critical Unreviewed
CVE-2022-39989 was published Apr 26, 2023
@nuxtlabs/github-module made Use of Hard-coded Credentials Critical
CVE-2023-2138 was published for @nuxtlabs/github-module (npm) Apr 18, 2023
The listed versions of Nexx Smart Home devices use hard-coded credentials. An attacker with... Critical Unreviewed
CVE-2023-1748 was published Apr 4, 2023
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5... Critical Unreviewed
CVE-2023-28503 was published Mar 29, 2023
Osprey Pump Controller version 1.01 has a hidden administrative account that has the hardcoded... Critical Unreviewed
CVE-2023-28654 was published Mar 28, 2023
Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows... Critical Unreviewed
CVE-2022-22512 was published Mar 23, 2023
A Hard Coded Admin Credentials issue in the Web-UI Admin Panel in Propius MachineSelector 6.6.0... Critical Unreviewed
CVE-2023-26511 was published Mar 14, 2023
The Akuvox E11 secure shell (SSH) server is enabled by default and can be accessed by the root... Critical Unreviewed
CVE-2023-0345 was published Mar 13, 2023
Easy!Appointments uses hard-coded credentials Critical
CVE-2023-1269 was published for alextselegidis/easyappointments (Composer) Mar 8, 2023
Use of hard-coded credentials vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC... Critical Unreviewed
CVE-2023-22344 was published Mar 6, 2023
ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded... Critical Unreviewed
CVE-2023-26462 was published Feb 23, 2023
Prolink router PRS1841 was discovered to contain hardcoded credentials for its Telnet and FTP... Critical Unreviewed
CVE-2022-46637 was published Feb 21, 2023
Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could... Critical Unreviewed
CVE-2022-3089 was published Feb 13, 2023
Hardcoded credentials in Global Facilities Management Software (GFMS) Version 3 software... Critical Unreviewed
CVE-2022-45766 was published Feb 10, 2023
Western Digital My Cloud devices before OS5 have a nobody account with a blank password. Critical Unreviewed
CVE-2021-36224 was published Feb 6, 2023
TOTOLINK T8 V4.1.5cu was discovered to contain a hard code password for the telnet service which... Critical Unreviewed
CVE-2023-24155 was published Feb 3, 2023
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for root which is... Critical Unreviewed
CVE-2023-24149 was published Feb 3, 2023
A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allows unauthenticated attackers to... Critical Unreviewed
CVE-2022-48113 was published Feb 3, 2023
Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3... Critical Unreviewed
CVE-2023-24022 was published Jan 26, 2023
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded... Critical Unreviewed
CVE-2022-34442 was published Jan 18, 2023
EXFO - BV-10 Performance Endpoint Unit Undocumented privileged user. Unit has an undocumented... Critical Unreviewed
CVE-2022-39185 was published Jan 12, 2023
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded... Critical Unreviewed
CVE-2022-34441 was published Jan 11, 2023
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded... Critical Unreviewed
CVE-2022-34440 was published Jan 11, 2023
KubePi allows malicious actor to login with a forged JWT token via Hardcoded Jwtsigkeys Critical
CVE-2023-22463 was published for github.com/KubeOperator/kubepi (Go) Jan 6, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database