GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,632
Composer 4,226
Erlang 31
GitHub Actions 19
Go 1,991
Maven 5,177
npm 3,708
NuGet 661
pip 3,341
Pub 11
RubyGems 884
Rust 846
Swift 36

Unreviewed advisories

All unreviewed 234,549

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

167 advisories

Filter by severity

Sort by

Least recently updated

Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an engineering environment for... Moderate Unreviewed

CVE-2022-29960 was published Jul 27, 2022

An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES... Moderate Unreviewed

CVE-2022-25807 was published Jun 10, 2022

In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the... Moderate Unreviewed

CVE-2021-42892 was published Jun 4, 2022

In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, hard-coded credentials in the... Moderate Unreviewed

CVE-2020-27278 was published May 24, 2022

A hard-coded password vulnerability exists in the SFTP Log Collection Server function of Trend... Moderate Unreviewed

CVE-2021-32459 was published May 24, 2022

A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers (All versions... Moderate Unreviewed

CVE-2019-6859 was published May 24, 2022

IBM InfoSphere Information Server 11.7.1.0 stores a common hard coded encryption key that could... Moderate Unreviewed

CVE-2019-4220 was published May 24, 2022

** DISPUTED ** KNX ETS6 through 6.0.0 uses the hard-coded password ETS5Password, with a salt... Moderate Unreviewed

CVE-2021-43575 was published May 24, 2022

A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4.83 (64-bit edition) with... Moderate Unreviewed

CVE-2021-41320 was published May 24, 2022

Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an... Moderate Unreviewed

CVE-2021-34744 was published May 24, 2022

Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an... Moderate Unreviewed

CVE-2021-34757 was published May 24, 2022

Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in Security mode 5 without an... Moderate Unreviewed

CVE-2021-34571 was published May 24, 2022

Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt... Moderate Unreviewed

CVE-2021-36234 was published May 24, 2022

IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials,... Moderate Unreviewed

CVE-2021-29728 was published May 24, 2022

Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7... Moderate Unreviewed

CVE-2021-27503 was published May 24, 2022

IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or... Moderate Unreviewed

CVE-2021-20537 was published May 24, 2022

Multiple vulnerabilities in the web-based management interface of Cisco Business Process... Moderate Unreviewed

CVE-2021-1576 was published May 24, 2022

ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in... Moderate Unreviewed

CVE-2021-27481 was published May 24, 2022

An issue was discovered on Enphase Envoy R3.x and D4.x devices. There are hardcoded web-panel... Moderate Unreviewed

CVE-2020-25752 was published May 24, 2022

A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a... Moderate Unreviewed

CVE-2021-3565 was published May 24, 2022

A security vulnerability in HPE Unified Data Management (UDM) could allow the local disclosure of... Moderate Unreviewed

CVE-2021-26579 was published May 24, 2022

The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded API key, used to... Moderate Unreviewed

CVE-2020-35137 was published May 24, 2022

Use of hard-coded key in the BMC firmware for some Intel(R) Server Boards, Server Systems and... Moderate Unreviewed

CVE-2020-12376 was published May 24, 2022

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a hard-coded physician PIN... Moderate Unreviewed

CVE-2020-27256 was published May 24, 2022

A vulnerability has been identified in SCALANCE X-300 switch family (incl. X408 and SIPLUS NET... Moderate Unreviewed

CVE-2020-28395 was published May 24, 2022

Previous 1 2 3 4 5 6 7 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

167 advisories