Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,762
NuGet
678
pip
3,447
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

1,185 advisories

Loading
ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite... Critical Unreviewed
CVE-2022-25577 was published Mar 26, 2022
GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused hardcoded credentials.... Moderate Unreviewed
CVE-2021-27430 was published Mar 24, 2022
Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by hard coded credentials. A hardcoded... Critical Unreviewed
CVE-2021-45877 was published Mar 22, 2022
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a... Moderate Unreviewed
CVE-2020-25180 was published Mar 19, 2022
By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS... Moderate Unreviewed
CVE-2020-25193 was published Mar 19, 2022
Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) uses hard-coded... High Unreviewed
CVE-2022-25246 was published Mar 17, 2022
RunAsSpc 4.0 uses a universal and recoverable encryption key. In possession of a file encrypted... High Unreviewed
CVE-2022-26660 was published Mar 17, 2022
Hard coded credentials in FreeTAKServer High
CVE-2022-25510 was published for FreeTAKServer (pip) Mar 12, 2022
The following Yokogawa Electric products do not change the passwords of the internal Windows... Critical Unreviewed
CVE-2022-21194 was published Mar 12, 2022
The following Yokogawa Electric products hard-code the password for CAMS server applications:... Critical Unreviewed
CVE-2022-23402 was published Mar 12, 2022
Improper physical access control and use of hard-coded credentials in /etc/passwd permits an... High Unreviewed
CVE-2022-25213 was published Mar 11, 2022
Use of a hard-coded cryptographic key pair by the telnetd_startup service allows an attacker on... High Unreviewed
CVE-2022-25217 was published Mar 11, 2022
Extensis Portfolio v4.0 was discovered to contain hardcoded credentials which allows attackers to... High Unreviewed
CVE-2022-24255 was published Mar 3, 2022
Home Owners Collection Management System v1.0 was discovered to contain hardcoded credentials... Critical Unreviewed
CVE-2022-25045 was published Mar 3, 2022
Trend Micro ServerProtect 6.0/5.8 Information Server uses a static credential to perform... Critical Unreviewed
CVE-2022-25329 was published Feb 25, 2022
Use of Hard-coded Cryptographic Key in Netmaker High
CVE-2022-23650 was published for github.com/gravitl/netmaker (Go) Feb 22, 2022
JamieSlome MrSuicideParrot
Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric... Critical Unreviewed
CVE-2021-27797 was published Feb 22, 2022
The use of a hard-coded cryptographic key significantly increases the possibility encrypted data... High Unreviewed
CVE-2021-46247 was published Feb 18, 2022
BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat... High Unreviewed
CVE-2022-22765 was published Feb 15, 2022
Dairy Farm Shop Management System v1.0 was discovered to contain hardcoded credentials in the... Critical Unreviewed
CVE-2020-36062 was published Feb 12, 2022
Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be... Moderate Unreviewed
CVE-2022-22766 was published Feb 12, 2022
Incorrect handling of credential expiry by /nats-io/nats-server Critical
CVE-2020-26892 was published for github.com/nats-io/jwt (Go) Feb 11, 2022
A CWE-798: Use of Hard-coded Credentials vulnerability exists that could result in information... High Unreviewed
CVE-2022-22722 was published Feb 11, 2022
A CWE-798: Use of Hard-coded Credentials vulnerability exists. If an attacker were to obtain the... Critical Unreviewed
CVE-2022-22813 was published Feb 11, 2022
The affected product has a hardcoded private key available inside the project folder, which may... Critical Unreviewed
CVE-2022-22987 was published Feb 10, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database