GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
166 advisories
Dynacolor FCM-MB40 v1.2.0.0 devices have a hard-coded SSL/TLS key that is used during an...
Moderate | Unreviewed | CVE-2019-13399 was published May 24, 2022

The ABB HMI components implement hidden administrative accounts that are used during the...
Moderate | Unreviewed | CVE-2019-7225 was published May 24, 2022

Use of a hard-coded encryption key in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager...
Moderate | Unreviewed | CVE-2019-12376 was published May 24, 2022

VVX products using UCS software version 5.8.0 and earlier with Better Together over Ethernet...
Moderate | Unreviewed | CVE-2019-10688 was published May 24, 2022

A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage...
Moderate | Unreviewed | CVE-2021-42849 was published May 19, 2022

auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and passwords for the (1) test, ...
Moderate | Unreviewed | CVE-2010-2073 was published May 17, 2022

Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users...
Moderate | Unreviewed | CVE-2010-2772 was published May 17, 2022

A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless...
Moderate | Unreviewed | CVE-2017-12725 was published May 14, 2022

Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes a hardcoded encryption key...
Moderate | Unreviewed | CVE-2018-9073 was published May 14, 2022

Amcrest networked devices use the same hardcoded SSL private key across different customers'...
Moderate | Unreviewed | CVE-2018-16546 was published May 13, 2022

FusionSphere OpenStack V100R006C00 has an information exposure vulnerability. The software uses...
Moderate | Unreviewed | CVE-2017-2720 was published May 13, 2022

Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module ...
Moderate | Unreviewed | CVE-2014-5431 was published May 13, 2022

The ifmap service that comes bundled with Juniper Networks Contrail releases uses hard coded...
Moderate | Unreviewed | CVE-2017-10616 was published May 13, 2022

The Cisco AMP For Endpoints application allows an authenticated, local attacker to access a...
Moderate | Unreviewed | CVE-2017-12317 was published May 13, 2022

A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0,...
Moderate | Unreviewed | CVE-2017-12709 was published May 13, 2022

Boston Scientific ZOOM LATITUDE PRM Model 3120 uses a hard-coded cryptographic key to encrypt PHI...
Moderate | Unreviewed | CVE-2017-14014 was published May 13, 2022

IBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed vulnerability that could allow a...
Moderate | Unreviewed | CVE-2017-1787 was published May 13, 2022

A Use of Hard-Coded Password issue was discovered in Phoenix Broadband PowerAgent SC3 BMS, all...
Moderate | Unreviewed | CVE-2017-6039 was published May 13, 2022

A Use of Hard-Coded Cryptographic Key issue was discovered in Mirion Technologies DMC 3000...
Moderate | Unreviewed | CVE-2017-9649 was published May 13, 2022

All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an...
Moderate | Unreviewed | CVE-2018-17919 was published May 13, 2022

IBM QRadar SIEM 7.2 and 7.3 uses hard-coded credentials which could allow an attacker to bypass...
Moderate | Unreviewed | CVE-2018-1650 was published May 13, 2022

The Norton Identity Safe product prior to 5.3.0.976 may be susceptible to a privilege escalation...
Moderate | Unreviewed | CVE-2018-12240 was published May 13, 2022

A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP)...
Moderate | Unreviewed | CVE-2018-0329 was published May 13, 2022

Moxa EDR-G903 series routers with firmware before 2.11 have a hardcoded account, which allows...
Moderate | Unreviewed | CVE-2012-4712 was published May 13, 2022

An information disclosure vulnerability exists in the router configuration export functionality...
Moderate | Unreviewed | CVE-2022-26020 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API.