GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,150 advisories
In Progress® Telerik® Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of...
High | Unreviewed | CVE-2024-7295 was published Nov 13, 2024

An attacker with local access to the medical office computer can access restricted functions of...
High | Unreviewed | CVE-2024-50593 was published Nov 8, 2024

A vulnerability, which was classified as problematic, has been found in Cosmote Greece What's Up...
Low | Unreviewed | CVE-2024-10748 was published Nov 4, 2024

LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily...
Critical | Unreviewed | CVE-2024-51431 was published Nov 1, 2024

A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows...
High | Unreviewed | CVE-2024-28875 was published Oct 30, 2024

A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows...
High | Unreviewed | CVE-2024-31151 was published Oct 30, 2024

IBM Flexible Service Processor (FSP) FW860.00 through FW860.B3, FW950.00 through FW950.C0, FW1030...
Critical | Unreviewed | CVE-2024-45656 was published Oct 29, 2024

Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption key in the firmware update...
Critical | Unreviewed | CVE-2024-48539 was published Oct 24, 2024

A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100,...
Critical | Unreviewed | CVE-2024-20412 was published Oct 23, 2024

Use of Hard-coded Credentials vulnerability in Sonatype Nexus Repository has been discovered in...
Moderate | Unreviewed | CVE-2024-5764 was published Oct 23, 2024

MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded...
Moderate | Unreviewed | CVE-2024-4740 was published Oct 18, 2024

Tenda G3 v15.01.0.5(2848_755)_EN was discovered to contain a hardcoded password vulnerability in ...
High | Unreviewed | CVE-2024-48192 was published Oct 17, 2024

A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain...
Critical | Unreviewed | CVE-2024-10025 was published Oct 17, 2024

A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with...
Moderate | Unreviewed | CVE-2024-20280 was published Oct 16, 2024

VM images built with Image Builder and Proxmox provider use default credentials in github.com/kubernetes-sigs/image-builder
Critical | CVE-2024-9486 was published for github.com/kubernetes-sigs/image-builder (Go) Oct 15, 2024

VM images built with Image Builder with some providers use default credentials during builds in github.com/kubernetes-sigs/image-builder
Moderate | CVE-2024-9594 was published for github.com/kubernetes-sigs/image-builder (Go) Oct 15, 2024

The devices contain two hard coded user accounts with hardcoded passwords that allow an...
Critical | Unreviewed | CVE-2024-45275 was published Oct 15, 2024

An issue was discovered in Infinera hiT 7300 5.60.50. A hidden SSH service (on the local...
High | Unreviewed | CVE-2024-28812 was published Sep 30, 2024

Certain switch models from PLANET Technology have a Hard-coded Credential in the password...
Moderate | Unreviewed | CVE-2024-8449 was published Sep 30, 2024

Certain switch models from PLANET Technology have a Hard-coded community string in the SNMPv1...
High | Unreviewed | CVE-2024-8450 was published Sep 30, 2024

Certain switch models from PLANET Technology have a hard-coded credential in the specific command...
High | Unreviewed | CVE-2024-8448 was published Sep 30, 2024

Autel MaxiCharger AC Elite Business C50 BLE Hardcoded Credentials Authentication Bypass...
Moderate | Unreviewed | CVE-2024-23958 was published Sep 28, 2024

The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user...
Critical | Unreviewed | CVE-2024-43423 was published Sep 25, 2024

Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if...
Critical | Unreviewed | CVE-2024-45861 was published Sep 19, 2024

Dragonfly2 has hard coded cryptographic key
Critical | CVE-2023-27584 was published for d7y.io/dragonfly/v2 (Go) Sep 19, 2024

ProTip! Advisories are also available from the GraphQL API