Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,170
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

539 advisories

Loading
The /irmdata/api/ endpoints exposed by the IRM Next Generation booking engine authenticates... Critical Unreviewed
CVE-2023-39422 was published Sep 7, 2023
A hard coded password in Super Store Finder v3.6 allows attackers to access the administration... Critical Unreviewed
CVE-2023-41508 was published Sep 5, 2023
Motorola MBTS Site Controller accepts hard-coded backdoor password. The Motorola MBTS Site... Critical Unreviewed
CVE-2023-23770 was published Aug 29, 2023
SpotCam Co., Ltd. SpotCam FHD 2 has a vulnerability of using hard-coded uBoot credentials. An... Critical Unreviewed
CVE-2023-38026 was published Aug 28, 2023
SpotCam Co., Ltd. SpotCam FHD 2’s hidden Telnet function has a vulnerability of using hard-coded... Critical Unreviewed
CVE-2023-38024 was published Aug 28, 2023
N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a hardcoded root password which... Critical Unreviewed
CVE-2023-39808 was published Aug 21, 2023
NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected by a hardcoded credential... Critical Unreviewed
CVE-2023-4204 was published Aug 16, 2023
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to... Critical Unreviewed
CVE-2023-3264 was published Aug 14, 2023
Connected IO v2.1.0 and prior uses a hard-coded username/password pair embedded in their device's... Critical Unreviewed
CVE-2023-33372 was published Aug 4, 2023
Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and... Critical Unreviewed
CVE-2023-33371 was published Aug 3, 2023
JBL soundbar multibeam 5.1 - CWE-798: Use of Hard-coded Credentials Critical Unreviewed
CVE-2023-37215 was published Jul 30, 2023
Synel SYnergy Fingerprint Terminals - CWE-798: Use of Hard-coded Credentials Critical Unreviewed
CVE-2023-32227 was published Jul 30, 2023
TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Use of a Hard-coded Password (PIN):... Critical Unreviewed
CVE-2023-33744 was published Jul 27, 2023
Galaxy Software Services Vitals ESP is vulnerable to using a hard-coded encryption key. An... Critical Unreviewed
CVE-2023-37291 was published Jul 21, 2023
SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated... Critical Unreviewed
CVE-2023-37287 was published Jul 10, 2023
SmartSoft SmartBPM.NET has a vulnerability of using hard-coded machine key. An unauthenticated... Critical Unreviewed
CVE-2023-37286 was published Jul 10, 2023
PiiGAB M-Bus contains hard-coded credentials which it uses for authentication. Critical Unreviewed
CVE-2023-35987 was published Jul 7, 2023
Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious... Critical Unreviewed
CVE-2023-2158 was published Jul 6, 2023
Electra Central AC unit – Hardcoded Credentials in unspecified code used by the unit. Critical Unreviewed
CVE-2023-24501 was published Jul 6, 2023
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2... Critical Unreviewed
CVE-2022-45444 was published Jul 6, 2023
AMI SPx contains a vulnerability in the BMC where an Attacker may cause a use of hard-coded... Critical Unreviewed
CVE-2023-34338 was published Jul 5, 2023
Advantech R-SeeNet versions 2.4.22 is installed with a hidden root-level user that is not... Critical Unreviewed
CVE-2023-2611 was published Jun 22, 2023
Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote... Critical Unreviewed
CVE-2022-4333 was published Jun 1, 2023
Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below... Critical Unreviewed
CVE-2023-33778 was published Jun 1, 2023
Files present on firmware images could allow an attacker to gain unauthorized access as a... Critical Unreviewed
CVE-2023-2504 was published May 23, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database