GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
537 advisories
All versions of the qBittorrent client through 4.5.5 use default credentials when the web user...
Critical | Unreviewed | CVE-2023-30801 was published Oct 10, 2023

Qognify NiceVision versions 3.1 and prior are vulnerable to exposing sensitive information...
Critical | Unreviewed | CVE-2023-2306 was published Oct 5, 2023

A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to...
Critical | Unreviewed | CVE-2023-20101 was published Oct 4, 2023

Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 version, the exploitation...
Critical | Unreviewed | CVE-2023-2809 was published Oct 4, 2023

Use of a static key to protect a JWT token used in user authentication can allow for an...
Critical | Unreviewed | CVE-2023-5074 was published Sep 20, 2023

** UNSUPPORTED WHEN ASSIGNED ** Devices ekorCCP and ekorRCI are vulnerable due to access to the...
Critical | Unreviewed | CVE-2022-47558 was published Sep 19, 2023

An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote attacker to execute arbitrary...
Critical | Unreviewed | CVE-2023-42336 was published Sep 16, 2023

i-doit pro 25 and below and i-doit open 25 and below are configured with insecure default...
Critical | Unreviewed | CVE-2023-37755 was published Sep 14, 2023

The /irmdata/api/ endpoints exposed by the IRM Next Generation booking engine authenticate...
Critical | Unreviewed | CVE-2023-39422 was published Sep 7, 2023

A hard-coded password in Super Store Finder v3.6 allows attackers to access the administration...
Critical | Unreviewed | CVE-2023-41508 was published Sep 5, 2023

Motorola MBTS Site Controller accepts hard-coded backdoor password. The Motorola MBTS Site...
Critical | Unreviewed | CVE-2023-23770 was published Aug 29, 2023

SpotCam Co., Ltd. SpotCam FHD 2 has a vulnerability of using hard-coded uBoot credentials. An...
Critical | Unreviewed | CVE-2023-38026 was published Aug 28, 2023

SpotCam Co., Ltd. SpotCam FHD 2’s hidden Telnet function has a vulnerability of using hard-coded...
Critical | Unreviewed | CVE-2023-38024 was published Aug 28, 2023

N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a hardcoded root password which...
Critical | Unreviewed | CVE-2023-39808 was published Aug 21, 2023

NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected by a hardcoded credential...
Critical | Unreviewed | CVE-2023-4204 was published Aug 16, 2023

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to...
Critical | Unreviewed | CVE-2023-3264 was published Aug 14, 2023

Connected IO v2.1.0 and prior uses a hard-coded username/password pair embedded in their device's...
Critical | Unreviewed | CVE-2023-33372 was published Aug 4, 2023

Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and...
Critical | Unreviewed | CVE-2023-33371 was published Aug 3, 2023

JBL soundbar multibeam 5.1 - CWE-798: Use of Hard-coded Credentials
Critical | Unreviewed | CVE-2023-37215 was published Jul 30, 2023

Synel SYnergy Fingerprint Terminals - CWE-798: Use of Hard-coded Credentials
Critical | Unreviewed | CVE-2023-32227 was published Jul 30, 2023

TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Use of a Hard-coded Password (PIN):...
Critical | Unreviewed | CVE-2023-33744 was published Jul 27, 2023

Galaxy Software Services Vitals ESP is vulnerable to using a hard-coded encryption key. An...
Critical | Unreviewed | CVE-2023-37291 was published Jul 21, 2023

SmartSoft SmartBPM.NET has a vulnerability of using hard-coded machine key. An unauthenticated...
Critical | Unreviewed | CVE-2023-37286 was published Jul 10, 2023

SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated...
Critical | Unreviewed | CVE-2023-37287 was published Jul 10, 2023

PiiGAB M-Bus contains hard-coded credentials which it uses for authentication.
Critical | Unreviewed | CVE-2023-35987 was published Jul 7, 2023
ProTip! Advisories are also available from the GraphQL API.