GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,205 advisories
An exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities of...
Low severity, Unreviewed. CVE-2019-5139 was published May 24, 2022
The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the...
Moderate severity, Unreviewed. CVE-2019-5137 was published May 24, 2022
In IXP EasyInstall 6.2.13723, there are cleartext credentials in network communication on TCP...
Moderate severity, Unreviewed. CVE-2019-19898 was published May 24, 2022
Some Dahua software products have a vulnerability of using a hard-coded cryptographic key. An...
High severity, Unreviewed. CVE-2022-45425 was published Dec 27, 2022
CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption...
Low severity, Unreviewed. CVE-2020-6857 was published May 24, 2022
KMS Controls BAC-A1616BC BACnet devices have a cleartext password of snowman in the BACKDOOR_NAME...
High severity, Unreviewed. CVE-2020-7233 was published May 24, 2022
Ingenico Telium 2 POS terminals have hardcoded PPP credentials. This is fixed in Telium 2 SDK v9...
High severity, Unreviewed. CVE-2018-17767 was published May 24, 2022
Ingenico Telium 2 POS terminals have hardcoded FTP credentials. This is fixed in Telium 2 SDK v9...
High severity, Unreviewed. CVE-2018-17771 was published May 24, 2022
The express install, which is the suggested way to install Puppet Enterprise, gives the user a...
High severity, Unreviewed. CVE-2019-10694 was published May 24, 2022
The software contains a hard-coded password it uses for its own inbound authentication or for...
Critical severity, Unreviewed. CVE-2021-27440 was published May 24, 2022
Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port...
High severity, Unreviewed. CVE-2019-3906 was published May 13, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate for Ejabberd in ejabberd.pem.
Moderate severity, Unreviewed. CVE-2020-15326 was published Sep 30, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication.
High severity, Unreviewed. CVE-2020-15327 was published Sep 30, 2022
Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to...
High severity, Unreviewed. CVE-2019-3908 was published May 13, 2022
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with...
Critical severity, Unreviewed. CVE-2021-34565 was published May 24, 2022
BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited...
High severity, Unreviewed. CVE-2022-40263 was published Nov 5, 2022
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 contains multiple hard...
Critical severity, Unreviewed. CVE-2019-3918 was published May 13, 2022
Swann SWWHD-INTCAM-HD devices have the twipc root password, leading to FTP access as root.
Critical severity, Unreviewed. CVE-2018-20955 was published May 24, 2022
Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056,...
Critical severity, Unreviewed. CVE-2022-30318 was published Sep 1, 2022
A flaw in the Zyxel LTE3301-M209 firmware versions prior to V1.00(ABLG.6)C0 could allow a remote...
Critical severity, Unreviewed. CVE-2022-40602 was published Nov 22, 2022
A vulnerability, which was classified as problematic, was found in Click Studios Passwordstate...
Moderate severity, Unreviewed. CVE-2022-4611 was published Dec 19, 2022
Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin...
High severity, Unreviewed. CVE-2022-36222 was published Dec 21, 2022
In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is...
High severity, Unreviewed. CVE-2021-44720 was published Aug 13, 2022
Use of hard-coded credentials vulnerability in multiple Buffalo network devices allows a network...
Moderate severity, Unreviewed. CVE-2022-34840 was published Dec 7, 2022
An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device has a custom telnet...
Critical severity, Unreviewed. CVE-2017-8415 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.