Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,170
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,146 advisories

Loading
LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily... Critical Unreviewed
CVE-2024-51431 was published Nov 1, 2024
A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows... High Unreviewed
CVE-2024-28875 was published Oct 30, 2024
A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows... High Unreviewed
CVE-2024-31151 was published Oct 30, 2024
IBM Flexible Service Processor (FSP) FW860.00 through FW860.B3, FW950.00 through FW950.C0, FW1030... Critical Unreviewed
CVE-2024-45656 was published Oct 29, 2024
Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption key in the firmware update... Critical Unreviewed
CVE-2024-48539 was published Oct 24, 2024
A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100,... Critical Unreviewed
CVE-2024-20412 was published Oct 23, 2024
Use of Hard-coded Credentials vulnerability in Sonatype Nexus Repository has been discovered in... Moderate Unreviewed
CVE-2024-5764 was published Oct 23, 2024
MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded... Moderate Unreviewed
CVE-2024-4740 was published Oct 18, 2024
Tenda G3 v15.01.0.5(2848_755)_EN was discovered to contain a hardcoded password vulnerability in ... High Unreviewed
CVE-2024-48192 was published Oct 17, 2024
A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain... Critical Unreviewed
CVE-2024-10025 was published Oct 17, 2024
A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with... Moderate Unreviewed
CVE-2024-20280 was published Oct 16, 2024
VM images built with Image Builder and Proxmox provider use default credentials in github.com/kubernetes-sigs/image-builder Critical
CVE-2024-9486 was published for github.com/kubernetes-sigs/image-builder (Go) Oct 15, 2024
VM images built with Image Builder with some providers use default credentials during builds in github.com/kubernetes-sigs/image-builder Moderate
CVE-2024-9594 was published for github.com/kubernetes-sigs/image-builder (Go) Oct 15, 2024
The devices contain two hard coded user accounts with hardcoded passwords that allow an... Critical Unreviewed
CVE-2024-45275 was published Oct 15, 2024
An issue was discovered in Infinera hiT 7300 5.60.50. A hidden SSH service (on the local... High Unreviewed
CVE-2024-28812 was published Sep 30, 2024
Certain switch models from PLANET Technology have a hard-coded credential in the specific command... High Unreviewed
CVE-2024-8448 was published Sep 30, 2024
Certain switch models from PLANET Technology have a Hard-coded Credential in the password... Moderate Unreviewed
CVE-2024-8449 was published Sep 30, 2024
Certain switch models from PLANET Technology have a Hard-coded community string in the SNMPv1... High Unreviewed
CVE-2024-8450 was published Sep 30, 2024
Autel MaxiCharger AC Elite Business C50 BLE Hardcoded Credentials Authentication Bypass... Moderate Unreviewed
CVE-2024-23958 was published Sep 28, 2024
The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user... Critical Unreviewed
CVE-2024-43423 was published Sep 25, 2024
Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if... Critical Unreviewed
CVE-2024-45861 was published Sep 19, 2024
Dragonfly2 has hard coded cyptographic key Critical
CVE-2023-27584 was published for d7y.io/dragonfly/v2 (Go) Sep 19, 2024
cokeBeer
Victure PC420 1.1.39 was discovered to use a weak encryption key for the file enabled_telnet.dat... High Unreviewed
CVE-2023-41612 was published Sep 18, 2024
Certain models of D-Link wireless routers do not properly validate user input in the telnet... High Unreviewed
CVE-2024-45698 was published Sep 16, 2024
Use of Hard-coded Credentials vulnerability in TNB Mobile Solutions Cockpit Software allows Read... High Unreviewed
CVE-2024-6656 was published Sep 13, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database