GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,230
Composer 4,347
Erlang 31
GitHub Actions 22
Go 2,117
Maven 5,289
npm 3,768
NuGet 680
pip 3,457
Pub 12
RubyGems 892
Rust 888
Swift 38

Unreviewed advisories

All unreviewed 243,675

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

542 advisories

Filter by severity

Sort by

Least recently updated

Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB... Critical Unreviewed

CVE-2024-51547 was published Feb 6, 2025

EasyVirt DCScope <=8.6.0 and CO2Scope <=1.3.0 are vulnerable to privilege escalation as the... Critical Unreviewed

CVE-2024-53356 was published Feb 1, 2025

HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain hardcoded credentials for access to... Critical Unreviewed

CVE-2024-48126 was published Jan 15, 2025

A use of hard-coded cryptographic key in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2... Critical Unreviewed

CVE-2023-37936 was published Jan 14, 2025

Use of a hard-coded password for a database administrator account created during Wapro ERP... Critical Unreviewed

CVE-2024-4996 was published Dec 18, 2024

ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardcoded key for symmetric... Critical Unreviewed

CVE-2024-55557 was published Dec 16, 2024

Ubiquiti U6-LR 6.6.65 was discovered to contain a hardcoded password vulnerability in /etc/shadow... Critical Unreviewed

CVE-2024-54750 was published Dec 6, 2024

Ever Traduora 0.20.0 and below is vulnerable to Privilege Escalation due to the use of a hard... Critical Unreviewed

CVE-2024-53484 was published Dec 2, 2024

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials,... Critical Unreviewed

CVE-2024-49805 was published Nov 29, 2024

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials,... Critical Unreviewed

CVE-2024-49806 was published Nov 29, 2024

There are several hidden accounts. Some of them are intended for maintenance engineers, and with... Critical Unreviewed

CVE-2024-35244 was published Nov 26, 2024

API keys for some cloud services are hardcoded in the "main" binary. As for the details of... Critical Unreviewed

CVE-2024-36248 was published Nov 26, 2024

Allegra Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows... Critical Unreviewed

CVE-2023-51638 was published Nov 22, 2024

The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is... Critical Unreviewed

CVE-2024-42450 was published Nov 19, 2024

The Clinician Password and Serial Number Clinician Password are hard-coded into the ventilator in... Critical Unreviewed

CVE-2024-48971 was published Nov 15, 2024

LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily... Critical Unreviewed

CVE-2024-51431 was published Nov 1, 2024

IBM Flexible Service Processor (FSP) FW860.00 through FW860.B3, FW950.00 through FW950.C0, FW1030... Critical Unreviewed

CVE-2024-45656 was published Oct 29, 2024

Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption key in the firmware update... Critical Unreviewed

CVE-2024-48539 was published Oct 24, 2024

A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100,... Critical Unreviewed

CVE-2024-20412 was published Oct 23, 2024

A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain... Critical Unreviewed

CVE-2024-10025 was published Oct 17, 2024

The devices contain two hard coded user accounts with hardcoded passwords that allow an... Critical Unreviewed

CVE-2024-45275 was published Oct 15, 2024

The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user... Critical Unreviewed

CVE-2024-43423 was published Sep 25, 2024

Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if... Critical Unreviewed

CVE-2024-45861 was published Sep 19, 2024

A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker... Critical Unreviewed

CVE-2024-20439 was published Sep 4, 2024

The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are... Critical Unreviewed

CVE-2024-6633 was published Aug 27, 2024

Previous 1 2 3 4 5 … 21 22 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

542 advisories