GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,070 advisories
Filter by severity
Hardcoded credentials are discovered within the application's source code, creating a potential...
Critical
Unreviewed
CVE-2023-41919
was published
Jul 2, 2024
TELSAT marKoni FM Transmitters are vulnerable to an attacker exploiting a hidden admin account...
Unknown
Unreviewed
CVE-2024-39374
was published
Jun 27, 2024
Unitronics Vision Series PLCs and HMIs use default administrative passwords. An unauthenticated...
Critical
Unreviewed
CVE-2023-6448
was published
Dec 5, 2023
A vulnerability in the default configuration of the Simple Network
Management Protocol (SNMP)...
High
Unreviewed
CVE-2024-5460
was published
Jun 26, 2024
The configuration file is encrypted with a static key derived from a
static five-character...
Unknown
Unreviewed
CVE-2024-36496
was published
Jun 24, 2024
Use of Hard-coded Credentials vulnerability in Baicells Snap Router BaiCE_BMI on EP3011 (User...
Critical
Unreviewed
CVE-2023-6198
was published
Jun 25, 2024
Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor....
High
Unreviewed
CVE-2024-6045
was published
Jun 17, 2024
It was observed that all the Toshiba printers contain credentials used for WebDAV access in the...
High
Unreviewed
CVE-2024-27170
was published
Jun 14, 2024
all the Toshiba printers have programs containing a hardcoded key used to encrypt files. An...
Moderate
Unreviewed
CVE-2024-27161
was published
Jun 14, 2024
It appears that some hardcoded keys are used for authentication to internal API. Knowing these...
High
Unreviewed
CVE-2024-27168
was published
Jun 14, 2024
All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An...
Moderate
Unreviewed
CVE-2024-27160
was published
Jun 14, 2024
All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An...
Moderate
Unreviewed
CVE-2024-27159
was published
Jun 14, 2024
An attacker can access the maintenance console using hard coded credentials for a hidden wireless...
Unknown
Unreviewed
CVE-2024-38281
was published
Jun 13, 2024
Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive...
Critical
Unreviewed
CVE-2024-1228
was published
Jun 10, 2024
Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive...
Critical
Unreviewed
CVE-2024-3700
was published
Jun 10, 2024
Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive...
Critical
Unreviewed
CVE-2024-3699
was published
Jun 10, 2024
CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege...
High
Unreviewed
CVE-2024-0865
was published
Jun 12, 2024
Chirp Access improperly stores credentials within its source code, potentially exposing...
Critical
Unreviewed
CVE-2024-2197
was published
Mar 20, 2024
Dell PowerScale OneFS versions 8.2.x through 9.8.0.x contain a use of hard coded credentials...
High
Unreviewed
CVE-2024-29170
was published
Jun 4, 2024
A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4.83 (64-bit edition) with...
Moderate
Unreviewed
CVE-2021-41320
was published
May 24, 2022
FlyteAdmin's Default OAuth Authorization Server secret must be rotated
High
CVE-2022-39273
was published
for
github.com/flyteorg/flyteadmin
(Go)
Oct 5, 2022
Incorrect handling of credential expiry by /nats-io/nats-server
Critical
CVE-2020-26892
was published
for
github.com/nats-io/jwt
(Go)
Feb 11, 2022
Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator (ePO) on Premise prior to 5...
High
Unreviewed
CVE-2024-4844
was published
May 16, 2024
Hard-coded credentials are used by the
CyberPower PowerPanel
platform to authenticate to the ...
Critical
Unreviewed
CVE-2024-32053
was published
May 15, 2024
Weak account password in GE HealthCare EchoPAC products
Critical
Unreviewed
CVE-2024-27107
was published
May 14, 2024
ProTip!
Advisories are also available from the
GraphQL API