Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,987
Maven
5,000+
npm
3,704
NuGet
661
pip
3,330
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

425 advisories

Loading
Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. An... High Unreviewed
CVE-2022-45425 was published Dec 27, 2022
Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin... High Unreviewed
CVE-2022-36222 was published Dec 21, 2022
Common encryption key appears to be used across all deployed instances of Serv-U FTP Server.... High Unreviewed
CVE-2021-35252 was published Dec 20, 2022
Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a... High Unreviewed
CVE-2022-2660 was published Dec 14, 2022
An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through... High Unreviewed
CVE-2022-46411 was published Dec 4, 2022
Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions... High Unreviewed
CVE-2022-29829 was published Nov 25, 2022
Use of Hard-coded Password vulnerability in Mitsubishi Electric GX Works3 all versions allows an... High Unreviewed
CVE-2022-29825 was published Nov 25, 2022
Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions... High Unreviewed
CVE-2022-29827 was published Nov 25, 2022
Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions... High Unreviewed
CVE-2022-29828 was published Nov 25, 2022
Use of Hard-coded Password vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1... High Unreviewed
CVE-2022-29831 was published Nov 25, 2022
Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: ... High Unreviewed
CVE-2022-37710 was published Nov 7, 2022
BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited... High Unreviewed
CVE-2022-40263 was published Nov 5, 2022
A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco... High Unreviewed
CVE-2022-20868 was published Nov 4, 2022
Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle ... High Unreviewed
CVE-2021-4228 was published Oct 24, 2022
In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in configuration files leads to... High Unreviewed
CVE-2022-42176 was published Oct 20, 2022
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a... High Unreviewed
CVE-2022-38420 was published Oct 15, 2022
Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH. An... High Unreviewed
CVE-2022-34425 was published Oct 11, 2022
FlyteAdmin's Default OAuth Authorization Server secret must be rotated High
CVE-2022-39273 was published for github.com/flyteorg/flyteadmin (Go) Oct 5, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication. High Unreviewed
CVE-2020-15327 was published Sep 30, 2022
Contec FXA3200 version 1.13 and under were discovered to contain a hard coded hash password for... High Unreviewed
CVE-2022-36159 was published Sep 27, 2022
Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to escalate privileges... High Unreviewed
CVE-2022-31322 was published Sep 14, 2022
bilde2910 Hauk v1.6.1 requires a hardcoded password which by default is blank. This hardcoded... High Unreviewed
CVE-2022-37857 was published Sep 9, 2022
In TOTOLINK A860R V4.1.2cu.5182_B20201027 there is a hard coded password for root in /etc/shadow... High Unreviewed
CVE-2022-37841 was published Sep 7, 2022
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a hardcoded password for root at... High Unreviewed
CVE-2022-36613 was published Aug 29, 2022
TOTOLINK A3000RU V4.1.2cu.5185_B20201128 was discovered to contain a hardcoded password for root... High Unreviewed
CVE-2022-36615 was published Aug 29, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database