GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
425 advisories
Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device via a backdoor password ...
High, Unreviewed. CVE-2022-31462 was published Jun 3, 2022

Owl Labs Meeting Owl 5.2.0.15 allows attackers to activate Tethering Mode with hard-coded...
High, Unreviewed. CVE-2022-31460 was published Jun 3, 2022

An attacker can gain VxWorks Shell after login due to hard-coded credentials on a KUKA KR C4...
High, Unreviewed. CVE-2021-33014 was published May 27, 2022

Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak...
High, Unreviewed. CVE-2020-15382 was published May 24, 2022

The affected product uses a hard-coded blowfish key for encryption/decryption processes. The key...
High, Unreviewed. CVE-2021-38461 was published May 24, 2022

Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only...
High, Unreviewed. CVE-2021-41827 was published May 24, 2022

Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials associated with...
High, Unreviewed. CVE-2021-41828 was published May 24, 2022

A vulnerability involving insecure storage of sensitive information has been reported to affect...
High, Unreviewed. CVE-2021-28813 was published May 24, 2022

BAB TECHNOLOGIE GmbH eibPort V3. Each device has its own unique hard coded and weak root SSH key...
High, Unreviewed. CVE-2021-28912 was published May 24, 2022

An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. An attacker can...
High, Unreviewed. CVE-2021-33484 was published May 24, 2022

Hardcoded .htaccess Credentials for getlogs.cgi exist on Altus Nexto, Nexto Xpress, and Hadron...
High, Unreviewed. CVE-2021-39245 was published May 24, 2022

SapphireIMS 5 utilized default sapphire:ims credentials to connect the client to server. This...
High, Unreviewed. CVE-2020-25561 was published May 24, 2022

Dell EMC Data Protection Advisor versions 6.4, 6.5 and 18.1 contain an undocumented account with...
High, Unreviewed. CVE-2020-5351 was published May 24, 2022

A hard-coded password vulnerability exists in the Zebra IP Routing Manager functionality of D...
High, Unreviewed. CVE-2021-21818 was published May 24, 2022

Juniper Networks Contrail Cloud (CC) releases prior to 13.6.0 have RabbitMQ service enabled by...
High, Unreviewed. CVE-2021-0279 was published May 24, 2022

Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14...
High, Unreviewed. CVE-2021-20748 was published May 24, 2022

Multiple vulnerabilities in the web-based management interface of Cisco Business Process...
High, Unreviewed. CVE-2021-1574 was published May 24, 2022

Use of MAC address as an authenticated password in QSAN Storage Manager, XEVO, SANOS allows local...
High, Unreviewed. CVE-2021-32521 was published May 24, 2022

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Hard-coded API...
High, Unreviewed. CVE-2021-33220 was published May 24, 2022

Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in...
High, Unreviewed. CVE-2021-24005 was published May 24, 2022

This vulnerability allows attackers with physical access to escalate privileges on affected...
High, Unreviewed. CVE-2021-31505 was published May 24, 2022

In Weidmueller Industrial WLAN devices in multiple versions the usage of hard-coded cryptographic...
High, Unreviewed. CVE-2021-33529 was published May 24, 2022

In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded...
High, Unreviewed. CVE-2021-33531 was published May 24, 2022

In certain devices of the Phoenix Contact AXL F BK and IL BK product families an undocumented...
High, Unreviewed. CVE-2021-33540 was published May 24, 2022

Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0...
High, Unreviewed. CVE-2021-34812 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.