Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,315
Maven
5,000+
npm
3,949
NuGet
711
pip
3,729
Pub
12
RubyGems
920
Rust
965
Swift
38
Unreviewed advisories
All unreviewed
5,000+

584 advisories

Loading
Trango Altum AC600 devices have a built-in, hidden root account, with a default password of... Critical Unreviewed
CVE-2016-10306 was published May 17, 2022
The MiCODUS MV720 GPS tracker API server has an authentication mechanism that allows devices to... Critical Unreviewed
CVE-2022-2107 was published Jul 21, 2022
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file /usr/local/sbin/webproject... Critical Unreviewed
CVE-2022-31210 was published Jul 18, 2022
Lens Peek-a-View has a password of 2601hx for the backdoor admin account, a password of user for... Critical Unreviewed
CVE-2015-2885 was published May 17, 2022
An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0.... Critical Unreviewed
CVE-2017-6403 was published May 17, 2022
Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account,... Critical Unreviewed
CVE-2016-10308 was published May 17, 2022
The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a... Critical Unreviewed
CVE-2022-26138 was published Jul 21, 2022
OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine... Critical Unreviewed
CVE-2022-32965 was published Aug 5, 2022
An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded... Critical Unreviewed
CVE-2016-8567 was published May 17, 2022
Goldshell ASIC Miners v2.1.x was discovered to contain hardcoded credentials which allow... Critical Unreviewed
CVE-2022-24657 was published Jul 21, 2022
An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older.... Critical Unreviewed
CVE-2016-5818 was published May 17, 2022
Le-yan Personnel and Salary Management System has hard-coded database account and password within... Critical Unreviewed
CVE-2022-38116 was published Aug 31, 2022
Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption... Critical Unreviewed
CVE-2022-34045 was published Jul 21, 2022
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote,... Critical Unreviewed
CVE-2022-22522 was published Sep 29, 2022
Dentsply Sirona (formerly Schick) CDR Dicom 5 and earlier has default passwords for the sa and... Critical Unreviewed
CVE-2016-6530 was published May 17, 2022
A hard-coded password vulnerability exists in the libcommonprod.so prod_change_root_passwd... Critical Unreviewed
CVE-2022-22144 was published Aug 6, 2022
The Motorola ACE1000 RTU through 2022-05-02 uses ECB encryption unsafely. It can communicate with... Critical Unreviewed
CVE-2022-30274 was published Jul 27, 2022
The Motorola ACE1000 RTU through 2022-05-02 has default credentials. It exposes an SSH interface... Critical Unreviewed
CVE-2022-30270 was published Jul 27, 2022
In Veritas NetBackup OpsCenter, a hard-coded credential exists that could be used to exploit the... Critical Unreviewed
CVE-2022-36952 was published Jul 28, 2022
The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0,... Critical Unreviewed
CVE-2016-7560 was published May 17, 2022
AVer Information EH6108H+ devices with firmware X9.03.24.00.07l have hardcoded accounts, which... Critical Unreviewed
CVE-2016-6535 was published May 17, 2022
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote,... Critical Unreviewed
CVE-2022-28812 was published Sep 29, 2022
DEXIS Imaging Suite 10 has a hardcoded password for the sa account, which allows remote attackers... Critical Unreviewed
CVE-2016-6532 was published May 17, 2022
ZModo ZP-NE14-S and ZP-IBH-13W devices have a hardcoded root password, which makes it easier for... Critical Unreviewed
CVE-2016-5081 was published May 17, 2022
Use of Hard-coded Credentials in AgileConfig.Client Critical
CVE-2022-35540 was published for AgileConfig.Client (NuGet) Aug 19, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database