Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,299
Erlang
31
GitHub Actions
21
Go
2,064
Maven
5,000+
npm
3,744
NuGet
668
pip
3,424
Pub
12
RubyGems
892
Rust
877
Swift
36
Unreviewed advisories
All unreviewed
5,000+

169 advisories

Loading
RuoYi v3.8.3 has a Weak password vulnerability in the management system. Critical Unreviewed
CVE-2022-37158 was published Aug 26, 2022
Missing password strength check in notrinos/notrinos-erp High
CVE-2022-2927 was published for notrinos/notrinos-erp (Composer) Aug 23, 2022
Tabit - password enumeration. Description: Tabit - password enumeration. The passwords for the... High Unreviewed
CVE-2022-34772 was published Aug 23, 2022
Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain... Critical Unreviewed
CVE-2022-34615 was published Aug 20, 2022
Contract Management System v2.0 contains a weak default password which gives attackers to access... High Unreviewed
CVE-2022-35198 was published Aug 19, 2022
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not require that users should have... Critical Unreviewed
CVE-2022-35280 was published Aug 11, 2022
Raneto v0.17.0 employs weak password complexity requirements Critical
CVE-2022-35143 was published for raneto (npm) Aug 5, 2022
BF-OS version 3.x up to and including 3.83 do not enforce strong passwords which may allow a... High Unreviewed
CVE-2022-36301 was published Aug 2, 2022
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank root password for TELNET... Critical Unreviewed
CVE-2022-31211 was published Jul 18, 2022
On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices,... High Unreviewed
CVE-2022-28377 was published Jul 15, 2022
Weak default root user credentials allow remote attackers to easily obtain OS superuser... Critical Unreviewed
CVE-2022-1668 was published Jun 25, 2022
Weak Password Requirements in GitHub repository kromitgmbh/titra prior to 0.78.1. Critical Unreviewed
CVE-2022-2098 was published Jun 17, 2022
An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The default pre-shared key... High Unreviewed
CVE-2022-30325 was published Jun 17, 2022
Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password... High Unreviewed
CVE-2022-29729 was published Jun 3, 2022
Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak password requirement... High Unreviewed
CVE-2022-29098 was published Jun 2, 2022
In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not... High Unreviewed
CVE-2021-25923 was published May 24, 2022
Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before... High Unreviewed
CVE-2020-15369 was published May 24, 2022
A flaw was found in Samba, all versions starting samba 4.5.0 until samba 4.9.15, samba 4.10.10,... Moderate Unreviewed
CVE-2019-14833 was published May 24, 2022
IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong... Moderate Unreviewed
CVE-2019-4565 was published May 24, 2022
IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for... High Unreviewed
CVE-2019-4321 was published May 24, 2022
IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong... High Unreviewed
CVE-2019-4235 was published May 24, 2022
A local attacker could bypass the app password using a race condition in Sophos Secure Workspace... High Unreviewed
CVE-2021-36808 was published May 24, 2022
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 does not enforce an efficient... Critical Unreviewed
CVE-2021-38462 was published May 24, 2022
The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, and... Critical Unreviewed
CVE-2021-35498 was published May 24, 2022
ECOA BAS controller uses weak set of default administrative credentials that can be easily... Critical Unreviewed
CVE-2021-41296 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database