Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,324
Erlang
31
GitHub Actions
21
Go
2,087
Maven
5,000+
npm
3,751
NuGet
674
pip
3,437
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+

553 advisories

Loading
Synel SYnergy Fingerprint Terminals - CWE-798: Use of Hard-coded Credentials Critical Unreviewed
CVE-2023-32227 was published Jul 30, 2023
TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Use of a Hard-coded Password (PIN):... Critical Unreviewed
CVE-2023-33744 was published Jul 27, 2023
Galaxy Software Services Vitals ESP is vulnerable to using a hard-coded encryption key. An... Critical Unreviewed
CVE-2023-37291 was published Jul 21, 2023
SmartSoft SmartBPM.NET has a vulnerability of using hard-coded machine key. An unauthenticated... Critical Unreviewed
CVE-2023-37286 was published Jul 10, 2023
SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated... Critical Unreviewed
CVE-2023-37287 was published Jul 10, 2023
PiiGAB M-Bus contains hard-coded credentials which it uses for authentication. Critical Unreviewed
CVE-2023-35987 was published Jul 7, 2023
Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious... Critical Unreviewed
CVE-2023-2158 was published Jul 6, 2023
Electra Central AC unit – Hardcoded Credentials in unspecified code used by the unit. Critical Unreviewed
CVE-2023-24501 was published Jul 6, 2023
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2... Critical Unreviewed
CVE-2022-45444 was published Jul 6, 2023
AMI SPx contains a vulnerability in the BMC where an Attacker may cause a use of hard-coded... Critical Unreviewed
CVE-2023-34338 was published Jul 5, 2023
Advantech R-SeeNet versions 2.4.22 is installed with a hidden root-level user that is not... Critical Unreviewed
CVE-2023-2611 was published Jun 22, 2023
Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote... Critical Unreviewed
CVE-2022-4333 was published Jun 1, 2023
Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below... Critical Unreviewed
CVE-2023-33778 was published Jun 1, 2023
Files present on firmware images could allow an attacker to gain unauthorized access as a... Critical Unreviewed
CVE-2023-2504 was published May 23, 2023
Snap One OvrC Pro versions prior to 7.2 have their own locally... Critical Unreviewed
CVE-2023-31240 was published May 22, 2023
MXsecurity version 1.0 is vulnearble to hardcoded credential vulnerability. This vulnerability... Critical Unreviewed
CVE-2023-33236 was published May 22, 2023
Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard... Critical Unreviewed
CVE-2023-30352 was published May 10, 2023
European Chemicals Agency IUCLID 6.x before 6.27.6 allows authentication bypass because a weak... Critical Unreviewed
CVE-2023-26089 was published May 2, 2023
Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user... Critical Unreviewed
CVE-2022-41400 was published Apr 28, 2023
The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard... Critical Unreviewed
CVE-2022-41397 was published Apr 28, 2023
An issue was discovered in Fighting Cock Information System 1.0, which uses default credentials,... Critical Unreviewed
CVE-2022-39989 was published Apr 26, 2023
@nuxtlabs/github-module made Use of Hard-coded Credentials Critical
CVE-2023-2138 was published for @nuxtlabs/github-module (npm) Apr 18, 2023
The listed versions of Nexx Smart Home devices use hard-coded credentials. An attacker with... Critical Unreviewed
CVE-2023-1748 was published Apr 4, 2023
Osprey Pump Controller version 1.01 has a hidden administrative account that has the hardcoded... Critical Unreviewed
CVE-2023-28654 was published Mar 28, 2023
Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows... Critical Unreviewed
CVE-2022-22512 was published Mar 23, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database