GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 22,828
Composer 4,768
Erlang 35
GitHub Actions 29
Go 2,332
Maven 5,625
npm 3,965
NuGet 713
pip 3,748
Pub 12
RubyGems 921
Rust 975
Swift 38

Unreviewed advisories

All unreviewed 258,996

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

1,268 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

A flaw in the Zyxel LTE3301-M209 firmware verisons prior to V1.00(ABLG.6)C0 could allow a remote... Critical Unreviewed

CVE-2022-40602 was published Nov 22, 2022

Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056,... Critical Unreviewed

CVE-2022-30318 was published Sep 1, 2022

Swann SWWHD-INTCAM-HD devices have the twipc root password, leading to FTP access as root. Critical Unreviewed

CVE-2018-20955 was published May 24, 2022

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 contains multiple hard... Critical Unreviewed

CVE-2019-3918 was published May 13, 2022

BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited... High Unreviewed

CVE-2022-40263 was published Nov 5, 2022

Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to... High Unreviewed

CVE-2019-3908 was published May 13, 2022

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with... Critical Unreviewed

CVE-2021-34565 was published May 24, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication. High Unreviewed

CVE-2020-15327 was published Sep 30, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate for Ejabberd in ejabberd.pem. Moderate Unreviewed

CVE-2020-15326 was published Sep 30, 2022

Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port... High Unreviewed

CVE-2019-3906 was published May 13, 2022

The software contains a hard-coded password it uses for its own inbound authentication or for... Critical Unreviewed

CVE-2021-27440 was published May 24, 2022

The express install, which is the suggested way to install Puppet Enterprise, gives the user a... High Unreviewed

CVE-2019-10694 was published May 24, 2022

Ingenico Telium 2 POS terminals have hardcoded FTP credentials. This is fixed in Telium 2 SDK v9... High Unreviewed

CVE-2018-17771 was published May 24, 2022

Ingenico Telium 2 POS terminals have hardcoded PPP credentials. This is fixed in Telium 2 SDK v9... High Unreviewed

CVE-2018-17767 was published May 24, 2022

KMS Controls BAC-A1616BC BACnet devices have a cleartext password of snowman in the BACKDOOR_NAME... High Unreviewed

CVE-2020-7233 was published May 24, 2022

CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption... Low Unreviewed

CVE-2020-6857 was published May 24, 2022

Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. An... High Unreviewed

CVE-2022-45425 was published Dec 27, 2022

In IXP EasyInstall 6.2.13723, there are cleartext credentials in network communication on TCP... Moderate Unreviewed

CVE-2019-19898 was published May 24, 2022

The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the... Moderate Unreviewed

CVE-2019-5137 was published May 24, 2022

An exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities of... Low Unreviewed

CVE-2019-5139 was published May 24, 2022

An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.42. A bundled script... Moderate Unreviewed

CVE-2020-10996 was published May 24, 2022

Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an... Moderate Unreviewed

CVE-2021-34757 was published May 24, 2022

The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code... High Unreviewed

CVE-2020-13166 was published May 24, 2022

An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by... Moderate Unreviewed

CVE-2020-13414 was published May 24, 2022

A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo Designer Basic (V1.1... Moderate Unreviewed

CVE-2020-7501 was published May 24, 2022

Previous 1 2 … 5 6 7 8 9 … 50 51 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

1,268 advisories