Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,152 advisories

Loading
The following Yokogawa Electric products do not change the passwords of the internal Windows... Critical Unreviewed
CVE-2022-21194 was published Mar 12, 2022
The following Yokogawa Electric products hard-code the password for CAMS server applications:... Critical Unreviewed
CVE-2022-23402 was published Mar 12, 2022
Improper physical access control and use of hard-coded credentials in /etc/passwd permits an... High Unreviewed
CVE-2022-25213 was published Mar 11, 2022
Use of a hard-coded cryptographic key pair by the telnetd_startup service allows an attacker on... High Unreviewed
CVE-2022-25217 was published Mar 11, 2022
Extensis Portfolio v4.0 was discovered to contain hardcoded credentials which allows attackers to... High Unreviewed
CVE-2022-24255 was published Mar 3, 2022
Home Owners Collection Management System v1.0 was discovered to contain hardcoded credentials... Critical Unreviewed
CVE-2022-25045 was published Mar 3, 2022
Trend Micro ServerProtect 6.0/5.8 Information Server uses a static credential to perform... Critical Unreviewed
CVE-2022-25329 was published Feb 25, 2022
Use of Hard-coded Cryptographic Key in Netmaker High
CVE-2022-23650 was published for github.com/gravitl/netmaker (Go) Feb 22, 2022
JamieSlome MrSuicideParrot
Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric... Critical Unreviewed
CVE-2021-27797 was published Feb 22, 2022
The use of a hard-coded cryptographic key significantly increases the possibility encrypted data... High Unreviewed
CVE-2021-46247 was published Feb 18, 2022
BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat... High Unreviewed
CVE-2022-22765 was published Feb 15, 2022
Dairy Farm Shop Management System v1.0 was discovered to contain hardcoded credentials in the... Critical Unreviewed
CVE-2020-36062 was published Feb 12, 2022
Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be... Moderate Unreviewed
CVE-2022-22766 was published Feb 12, 2022
Incorrect handling of credential expiry by /nats-io/nats-server Critical
CVE-2020-26892 was published for github.com/nats-io/jwt (Go) Feb 11, 2022
A CWE-798: Use of Hard-coded Credentials vulnerability exists that could result in information... High Unreviewed
CVE-2022-22722 was published Feb 11, 2022
A CWE-798: Use of Hard-coded Credentials vulnerability exists. If an attacker were to obtain the... Critical Unreviewed
CVE-2022-22813 was published Feb 11, 2022
The affected product has a hardcoded private key available inside the project folder, which may... Critical Unreviewed
CVE-2022-22987 was published Feb 10, 2022
A vulnerability has been identified in SICAM TOOLBOX II (All versions). Affected applications use... Moderate Unreviewed
CVE-2021-45106 was published Feb 10, 2022
A Use of Hardcoded Credentials vulnerability exists in AquaView versions 1.60, 7.x, and 8.x that... High Unreviewed
CVE-2021-42833 was published Feb 8, 2022
Online Course Registration v1.0 was discovered to contain hardcoded credentials in the source... Critical Unreviewed
CVE-2020-36064 was published Feb 1, 2022
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcoded APP_KEY value, leading to... High Unreviewed
CVE-2021-42635 was published Feb 1, 2022
An information disclosure vulnerability exists due to the hardcoded TLS key of reolink RLC-410W... Moderate Unreviewed
CVE-2022-21199 was published Jan 29, 2022
MCMS v5.2.4 was discovered to have a hardcoded shiro-key, allowing attackers to exploit the key... Critical Unreviewed
CVE-2022-22928 was published Jan 22, 2022
Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can be accessed without any... Critical Unreviewed
CVE-2021-23233 was published Jan 22, 2022
Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 contains service credentials likely... High Unreviewed
CVE-2021-44464 was published Jan 22, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database