GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,369
Composer 4,373
Erlang 33
GitHub Actions 22
Go 2,135
Maven 5,313
npm 3,797
NuGet 687
pip 3,478
Pub 12
RubyGems 896
Rust 897
Swift 38

Unreviewed advisories

All unreviewed 245,396

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

1,173 advisories

Filter by severity

Sort by

Least recently updated

Multisuns EasyLog web+ has a vulnerability of using hard-coded credentials. An remote attacker... Critical Unreviewed

CVE-2023-48388 was published Dec 15, 2023

SmartStar Software CWS is a web-base integration platform, it has a vulnerability of using a hard... Moderate Unreviewed

CVE-2023-48374 was published Dec 15, 2023

Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for... Moderate Unreviewed

CVE-2023-43583 was published Dec 14, 2023

Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login... High Unreviewed

CVE-2023-36651 was published Dec 12, 2023

A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion... High Unreviewed

CVE-2023-36647 was published Dec 12, 2023

NETSCOUT nGeniusPULSE 3.8 has a Hardcoded Cryptographic Key. Critical Unreviewed

CVE-2023-40300 was published Dec 7, 2023

The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard... High Unreviewed

CVE-2023-33413 was published Dec 7, 2023

The affected devices use publicly available default credentials with administrative privileges. Critical Unreviewed

CVE-2023-39169 was published Dec 7, 2023

Unitronics Vision Series PLCs and HMIs use default administrative passwords. An unauthenticated... Critical Unreviewed

CVE-2023-6448 was published Dec 5, 2023

When configured in debugging mode by an authenticated user with administrative... High Unreviewed

CVE-2023-40463 was published Dec 5, 2023

Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate... High Unreviewed

CVE-2023-40464 was published Dec 5, 2023

The password for access to the debugging console of the PoWer Controller chip (PWC) of the MIB3... Low Unreviewed

CVE-2023-28895 was published Dec 1, 2023

Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain hardcoded credentials... Critical Unreviewed

CVE-2023-23324 was published Nov 29, 2023

The FACSChorus software contains sensitive information stored in plaintext. A threat actor could... Moderate Unreviewed

CVE-2023-29064 was published Nov 28, 2023

Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT... High Unreviewed

CVE-2023-47315 was published Nov 22, 2023

SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. This... High Unreviewed

CVE-2023-48055 was published Nov 16, 2023

Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES... High Unreviewed

CVE-2023-48053 was published Nov 16, 2023

Dell ELab-Navigator, version 3.1.9 contains a hard-coded credential vulnerability. A local... High Unreviewed

CVE-2023-44296 was published Nov 16, 2023

First Corporation's DVRs use a hard-coded password, which may allow a remote unauthenticated... Critical Unreviewed

CVE-2023-47213 was published Nov 16, 2023

A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 -... Moderate Unreviewed

CVE-2023-40719 was published Nov 14, 2023

A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7... Moderate Unreviewed

CVE-2023-33304 was published Nov 14, 2023

Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the... Critical Unreviewed

CVE-2023-47800 was published Nov 10, 2023

Symmetric encryption used to protect messages between the AppsAnywhere server and client can be... High Unreviewed

CVE-2023-41137 was published Nov 9, 2023

Weintek EasyBuilder Pro contains a vulnerability that, even when the private key is... Critical Unreviewed

CVE-2023-5777 was published Nov 6, 2023

VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain hardcoded... Critical Unreviewed

CVE-2023-45499 was published Oct 27, 2023

Previous 1 2 … 7 8 9 10 11 … 46 47 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

1,173 advisories