GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
30 advisories
A condition exists in FlashArray Purity whereby a local account intended for initial array...
Critical
Unreviewed
CVE-2024-0001 was published Sep 23, 2024
Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR...
Critical
Unreviewed
CVE-2024-31070 was published Jul 17, 2024
A vulnerability in the BluStar component of Mitel InAttend 2.6 SP4 through 2.7 and CMG 8.5 SP4...
Critical
Unreviewed
CVE-2024-28815 was published Mar 27, 2024
Unitronics Vision Series PLCs and HMIs use default administrative passwords. An unauthenticated...
Critical
Unreviewed
CVE-2023-6448 was published Dec 5, 2023
NetApp AFF A700s Baseboard Management Controller (BMC) firmware versions 1.22 and higher were...
Critical
Unreviewed
CVE-2019-5497 was published May 24, 2022
doorGets 7.0 has a default administrator credential vulnerability. A remote attacker can use this...
Critical
Unreviewed
CVE-2019-11618 was published May 24, 2022
The affected devices use publicly available default credentials with administrative privileges.
Critical
Unreviewed
CVE-2023-39169 was published Dec 7, 2023
In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents.
Critical
Unreviewed
CVE-2022-48342 was published Feb 23, 2023
IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC...
Critical
Unreviewed
CVE-2019-4169 was published May 24, 2022
An issue was discovered on Tenda AC15 devices. A remote, unauthenticated attacker can make a...
Critical
Unreviewed
CVE-2018-5770 was published May 13, 2022
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon...
Critical
Unreviewed
CVE-2018-3591 was published May 13, 2022
Router Default Credentials in Kraftway 24F2XG Router firmware version 3.5.30.1118 allow remote...
Critical
Unreviewed
CVE-2018-15350 was published May 13, 2022
On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can use a default...
Critical
Unreviewed
CVE-2018-10968 was published May 13, 2022
A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware...
Critical
Unreviewed
CVE-2018-10251 was published May 13, 2022
vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n...
Critical
Unreviewed
CVE-2017-8218 was published May 13, 2022
Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts,...
Critical
Unreviewed
CVE-2017-7964 was published May 13, 2022
An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants...
Critical
Unreviewed
CVE-2017-12739 was published May 13, 2022
A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic...
Critical
Unreviewed
CVE-2018-0130 was published May 13, 2022
EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability...
Critical
Unreviewed
CVE-2017-8021 was published May 13, 2022
Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change...
Critical
Unreviewed
CVE-2019-3909 was published May 13, 2022
The BluStar component in Mitel InAttend before 2.5 SP3 and CMG before 8.4 SP3 Suite Servers has a...
Critical
Unreviewed
CVE-2018-19275 was published May 13, 2022
A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running...
Critical
Unreviewed
CVE-2017-3834 was published May 13, 2022
An issue was discovered in Schneider Electric Tableau Server/Desktop Versions 7.0 to 10.1.3 in...
Critical
Unreviewed
CVE-2017-5178 was published May 13, 2022
A flaw was found in servicemesh-operator. The NetworkPolicy resources installed for Maistra do...
Critical
Unreviewed
CVE-2021-3586 was published Aug 23, 2022
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default...
Critical
Unreviewed
CVE-2022-24706 was published Apr 27, 2022