GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,212 advisories
CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption...
Low | Unreviewed | CVE-2020-6857 was published May 24, 2022

Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. An...
High | Unreviewed | CVE-2022-45425 was published Dec 27, 2022

In IXP EasyInstall 6.2.13723, there are cleartext credentials in network communication on TCP...
Moderate | Unreviewed | CVE-2019-19898 was published May 24, 2022

The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the...
Moderate | Unreviewed | CVE-2019-5137 was published May 24, 2022

An exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities of...
Low | Unreviewed | CVE-2019-5139 was published May 24, 2022

An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.42. A bundled script...
Moderate | Unreviewed | CVE-2020-10996 was published May 24, 2022

Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an...
Moderate | Unreviewed | CVE-2021-34757 was published May 24, 2022

The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code...
High | Unreviewed | CVE-2020-13166 was published May 24, 2022

An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by...
Moderate | Unreviewed | CVE-2020-13414 was published May 24, 2022

A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo Designer Basic (V1.1...
Moderate | Unreviewed | CVE-2020-7501 was published May 24, 2022

Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an...
Moderate | Unreviewed | CVE-2021-34744 was published May 24, 2022

A CWE-798: Use of Hard-coded Credentials vulnerability exists in the Unity Loader and OS Loader...
High | Unreviewed | CVE-2020-7498 was published May 24, 2022

An issue was discovered in MK-AUTH 19.01. There is authentication bypass in the web login...
High | Unreviewed | CVE-2020-14070 was published May 24, 2022

The ifmap service that comes bundled with Juniper Networks Contrail releases uses hard coded...
Moderate | Unreviewed | CVE-2017-10616 was published May 13, 2022

ENC DataVault 7.1.1W uses an inappropriate encryption algorithm, such that an attacker (who does...
Critical | Unreviewed | CVE-2021-36751 was published Jan 3, 2022

A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in...
Low | Unreviewed | CVE-2020-7515 was published May 24, 2022

The use of multiple hard-coded cryptographic keys in cSRX Series software in Juniper Networks...
High | Unreviewed | CVE-2021-0266 was published May 24, 2022

Dell EMC Data Protection Advisor versions 6.4, 6.5 and 18.1 contain an undocumented account with...
High | Unreviewed | CVE-2020-5351 was published May 24, 2022

Zoom Rooms for macOS clients before version 5.11.4 contain an insecure key generation mechanism....
High | Unreviewed | CVE-2022-36925 was published Jan 9, 2023

The client (aka GalaxyClientService.exe) in GOG GALAXY 2.0.19 allows local privilege escalation...
Moderate | Unreviewed | CVE-2020-24574 was published May 24, 2022

GateManager versions prior to 9.2c, The affected product contains a hard-coded credential for...
High | Unreviewed | CVE-2020-14510 was published May 24, 2022

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a...
High | Unreviewed | CVE-2022-38420 was published Oct 15, 2022

Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py. An...
Critical | Unreviewed | CVE-2020-26879 was published May 24, 2022

Winston 1.5.4 devices make use of a Monit service (not managed during the normal user process)...
High | Unreviewed | CVE-2020-16258 was published May 24, 2022

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC...
Critical | Unreviewed | CVE-2020-11483 was published May 24, 2022