GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
529 advisories
Filter by severity
Allegra Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows...
Critical
Unreviewed
CVE-2023-51638
was published
Nov 22, 2024
The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is...
Critical
Unreviewed
CVE-2024-42450
was published
Nov 19, 2024
The Clinician Password and Serial Number Clinician Password are hard-coded into the ventilator in...
Critical
Unreviewed
CVE-2024-48971
was published
Nov 15, 2024
LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily...
Critical
Unreviewed
CVE-2024-51431
was published
Nov 1, 2024
IBM Flexible Service Processor (FSP) FW860.00 through FW860.B3, FW950.00 through FW950.C0, FW1030...
Critical
Unreviewed
CVE-2024-45656
was published
Oct 29, 2024
Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption key in the firmware update...
Critical
Unreviewed
CVE-2024-48539
was published
Oct 24, 2024
A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100,...
Critical
Unreviewed
CVE-2024-20412
was published
Oct 23, 2024
A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain...
Critical
Unreviewed
CVE-2024-10025
was published
Oct 17, 2024
The devices contain two hard coded user accounts with hardcoded passwords that allow an...
Critical
Unreviewed
CVE-2024-45275
was published
Oct 15, 2024
The web application for ProGauge MAGLINK LX4 CONSOLE contains an
administrative-level user...
Critical
Unreviewed
CVE-2024-43423
was published
Sep 25, 2024
Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if...
Critical
Unreviewed
CVE-2024-45861
was published
Sep 19, 2024
A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker...
Critical
Unreviewed
CVE-2024-20439
was published
Sep 4, 2024
The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are...
Critical
Unreviewed
CVE-2024-6633
was published
Aug 27, 2024
A vulnerability classified as critical has been found in TOTOLINK T10 AC1200 4.1.8cu.5207....
Critical
Unreviewed
CVE-2024-8162
was published
Aug 26, 2024
The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability,...
Critical
Unreviewed
CVE-2024-28987
was published
Aug 22, 2024
H3C R3010 v100R002L02 was discovered to contain a hardcoded password vulnerability in /etc/shadow...
Critical
Unreviewed
CVE-2024-42637
was published
Aug 16, 2024
H3C Magic B1ST v100R012 was discovered to contain a hardcoded password vulnerability in /etc...
Critical
Unreviewed
CVE-2024-42638
was published
Aug 16, 2024
Password reset tokens are generated using an insecure source of randomness. Attackers who know...
Critical
Unreviewed
CVE-2024-6890
was published
Aug 8, 2024
A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. It has been classified as...
Critical
Unreviewed
CVE-2024-7332
was published
Aug 1, 2024
In D-Link DIR-860L REVA FIRMWARE PATCH 1.10..B04, the Telnet service contains hardcoded...
Critical
Unreviewed
CVE-2024-41611
was published
Jul 30, 2024
D-Link DIR-820LW REVB FIRMWARE PATCH 2.03.B01_TC contains hardcoded credentials in the Telnet...
Critical
Unreviewed
CVE-2024-41610
was published
Jul 30, 2024
Use of hard-coded MSSQL credentials in PerkinElmer ProcessPlus on Windows allows an attacker to...
Critical
Unreviewed
CVE-2024-6912
was published
Jul 22, 2024
Tenda i29V1.0 V1.0.0.5 was discovered to contain a hardcoded password for root.
Critical
Unreviewed
CVE-2024-35338
was published
Jul 16, 2024
An unauthenticated remote attacker can use the hard-coded credentials to access the SmartSPS...
Critical
Unreviewed
CVE-2024-28747
was published
Jul 9, 2024
A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013...
Critical
Unreviewed
CVE-2023-46685
was published
Jul 8, 2024
ProTip!
Advisories are also available from the
GraphQL API