GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
557 advisories
The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain...
Critical
Unreviewed
CVE-2016-8491 was published May 17, 2022
IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to...
Critical
Unreviewed
CVE-2016-8954 was published May 17, 2022
Trango Altum AC600 devices have a built-in, hidden root account, with a default password of...
Critical
Unreviewed
CVE-2016-10306 was published May 17, 2022
The MiCODUS MV720 GPS tracker API server has an authentication mechanism that allows devices to...
Critical
Unreviewed
CVE-2022-2107 was published Jul 21, 2022
D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of...
Critical
Unreviewed
CVE-2015-7246 was published May 17, 2022
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file /usr/local/sbin/webproject...
Critical
Unreviewed
CVE-2022-31210 was published Jul 18, 2022
Lens Peek-a-View has a password of 2601hx for the backdoor admin account, a password of user for...
Critical
Unreviewed
CVE-2015-2885 was published May 17, 2022
An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0....
Critical
Unreviewed
CVE-2017-6403 was published May 17, 2022
Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account,...
Critical
Unreviewed
CVE-2016-10308 was published May 17, 2022
The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a...
Critical
Unreviewed
CVE-2022-26138 was published Jul 21, 2022
OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine...
Critical
Unreviewed
CVE-2022-32965 was published Aug 5, 2022
An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded...
Critical
Unreviewed
CVE-2016-8567 was published May 17, 2022
Goldshell ASIC Miners v2.1.x was discovered to contain hardcoded credentials which allow...
Critical
Unreviewed
CVE-2022-24657 was published Jul 21, 2022
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain a Hard-coded...
Critical
Unreviewed
CVE-2022-34440 was published Jan 11, 2023
NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8...
Critical
Unreviewed
CVE-2016-10115 was published May 17, 2022
An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older....
Critical
Unreviewed
CVE-2016-5818 was published May 17, 2022
Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key.
Critical
Unreviewed
CVE-2021-22644 was published Jul 29, 2022
Le-yan Personnel and Salary Management System has hard-coded database account and password within...
Critical
Unreviewed
CVE-2022-38116 was published Aug 31, 2022
Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption...
Critical
Unreviewed
CVE-2022-34045 was published Jul 21, 2022
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote,...
Critical
Unreviewed
CVE-2022-22522 was published Sep 29, 2022
A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote...
Critical
Unreviewed
CVE-2015-2867 was published May 17, 2022
Dentsply Sirona (formerly Schick) CDR Dicom 5 and earlier has default passwords for the sa and...
Critical
Unreviewed
CVE-2016-6530 was published May 17, 2022
A hard-coded password vulnerability exists in the libcommonprod.so prod_change_root_passwd...
Critical
Unreviewed
CVE-2022-22144 was published Aug 6, 2022
The Motorola ACE1000 RTU through 2022-05-02 uses ECB encryption unsafely. It can communicate with...
Critical
Unreviewed
CVE-2022-30274 was published Jul 27, 2022
The Motorola ACE1000 RTU through 2022-05-02 has default credentials. It exposes an SSH interface...
Critical
Unreviewed
CVE-2022-30270 was published Jul 27, 2022
ProTip! Advisories are also available from the GraphQL API.