Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,168
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
832
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,145 advisories

Loading
Hard-Coded Key Used For Remember-me Token in Opencast Moderate
CVE-2020-5222 was published for org.opencastproject:opencast-kernel (Maven) Jan 30, 2020
LukasKalbertodt
EXFO - BV-10 Performance Endpoint Unit Undocumented privileged user. Unit has an undocumented... Critical Unreviewed
CVE-2022-39185 was published Jan 12, 2023
Use of a hard-coded cryptographic key pair by the telnetd_startup service allows an attacker on... High Unreviewed
CVE-2022-25217 was published Mar 11, 2022
Improper physical access control and use of hard-coded credentials in /etc/passwd permits an... High Unreviewed
CVE-2022-25213 was published Mar 11, 2022
The following Yokogawa Electric products hard-code the password for CAMS server applications:... Critical Unreviewed
CVE-2022-23402 was published Mar 12, 2022
Hard coded credentials in FreeTAKServer High
CVE-2022-25510 was published for FreeTAKServer (pip) Mar 12, 2022
The following Yokogawa Electric products do not change the passwords of the internal Windows... Critical Unreviewed
CVE-2022-21194 was published Mar 12, 2022
Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) uses hard-coded... High Unreviewed
CVE-2022-25246 was published Mar 17, 2022
RunAsSpc 4.0 uses a universal and recoverable encryption key. In possession of a file encrypted... High Unreviewed
CVE-2022-26660 was published Mar 17, 2022
An information disclosure vulnerability exists due to the hardcoded TLS key of reolink RLC-410W... Moderate Unreviewed
CVE-2022-21199 was published Jan 29, 2022
By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS... Moderate Unreviewed
CVE-2020-25193 was published Mar 19, 2022
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a... Moderate Unreviewed
CVE-2020-25180 was published Mar 19, 2022
Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by hard coded credentials. A hardcoded... Critical Unreviewed
CVE-2021-45877 was published Mar 22, 2022
GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused hardcoded credentials.... Moderate Unreviewed
CVE-2021-27430 was published Mar 24, 2022
ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite... Critical Unreviewed
CVE-2022-25577 was published Mar 26, 2022
In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official... High Unreviewed
CVE-2021-46008 was published Apr 1, 2022
Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded... Critical Unreviewed
CVE-2022-24693 was published Mar 31, 2022
A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP... Critical Unreviewed
CVE-2022-1162 was published Apr 5, 2022
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21,... Critical Unreviewed
CVE-2021-30064 was published Apr 5, 2022
A use of hard-coded cryptographic key vulnerability [CWE-321] in the registration mechanism of... High Unreviewed
CVE-2022-23440 was published Apr 7, 2022
Bettini Srl GAMS Product Line v4.3.0 was discovered to re-use static SSH keys across... Critical Unreviewed
CVE-2022-25569 was published Apr 5, 2022
Taiwan Secom Dr.ID Access Control system’s login page has a hard-coded credential in the source... High Unreviewed
CVE-2022-26671 was published Apr 8, 2022
A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiEDR versions 5.0.2, 5.0.1,... Critical Unreviewed
CVE-2022-23441 was published Apr 7, 2022
Dell EMC PowerScale OneFS 8.1.x - 9.1.x contain hard coded credentials. This allows a local user... Moderate Unreviewed
CVE-2022-22560 was published Apr 13, 2022
Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI Moderate Unreviewed
CVE-2022-27506 was published Apr 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database