Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

544 advisories

Loading
H3C R3010 v100R002L02 was discovered to contain a hardcoded password vulnerability in /etc/shadow... Critical Unreviewed
CVE-2024-42637 was published Aug 16, 2024
H3C Magic B1ST v100R012 was discovered to contain a hardcoded password vulnerability in /etc... Critical Unreviewed
CVE-2024-42638 was published Aug 16, 2024
The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability,... Critical Unreviewed
CVE-2024-28987 was published Aug 22, 2024
A vulnerability classified as critical has been found in TOTOLINK T10 AC1200 4.1.8cu.5207.... Critical Unreviewed
CVE-2024-8162 was published Aug 26, 2024
The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are... Critical Unreviewed
CVE-2024-6633 was published Aug 27, 2024
A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker... Critical Unreviewed
CVE-2024-20439 was published Sep 4, 2024
Dragonfly2 has hard coded cyptographic key Critical
CVE-2023-27584 was published for d7y.io/dragonfly/v2 (Go) Sep 19, 2024
cokeBeer
Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if... Critical Unreviewed
CVE-2024-45861 was published Sep 19, 2024
The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user... Critical Unreviewed
CVE-2024-43423 was published Sep 25, 2024
The devices contain two hard coded user accounts with hardcoded passwords that allow an... Critical Unreviewed
CVE-2024-45275 was published Oct 15, 2024
VM images built with Image Builder and Proxmox provider use default credentials in github.com/kubernetes-sigs/image-builder Critical
CVE-2024-9486 was published for github.com/kubernetes-sigs/image-builder (Go) Oct 15, 2024
A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain... Critical Unreviewed
CVE-2024-10025 was published Oct 17, 2024
A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100,... Critical Unreviewed
CVE-2024-20412 was published Oct 23, 2024
Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption key in the firmware update... Critical Unreviewed
CVE-2024-48539 was published Oct 24, 2024
IBM Flexible Service Processor (FSP) FW860.00 through FW860.B3, FW950.00 through FW950.C0, FW1030... Critical Unreviewed
CVE-2024-45656 was published Oct 29, 2024
LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily... Critical Unreviewed
CVE-2024-51431 was published Nov 1, 2024
The Clinician Password and Serial Number Clinician Password are hard-coded into the ventilator in... Critical Unreviewed
CVE-2024-48971 was published Nov 15, 2024
The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is... Critical Unreviewed
CVE-2024-42450 was published Nov 19, 2024
Allegra Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows... Critical Unreviewed
CVE-2023-51638 was published Nov 22, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database