Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,298
Erlang
31
GitHub Actions
21
Go
2,063
Maven
5,000+
npm
3,744
NuGet
668
pip
3,424
Pub
12
RubyGems
892
Rust
876
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,179 advisories

Loading
Apprite CLI makes Use of Hard-coded Credentials Moderate
CVE-2023-50974 was published for appwrite (npm) Jan 9, 2024
IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or... Moderate Unreviewed
CVE-2023-50948 was published Jan 8, 2024
An issue in Automatic Systems SOC FL9600 FastLine v.lego_T04E00 allows a remote attacker to... High Unreviewed
CVE-2023-37608 was published Jan 3, 2024
An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses... Moderate Unreviewed
CVE-2023-49228 was published Dec 28, 2023
Phlox com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus has an Android... Moderate Unreviewed
CVE-2023-46918 was published Dec 28, 2023
Phlox com.phlox.simpleserver (aka Simple HTTP Server) 1.8 and com.phlox.simpleserver.plus (aka... Moderate Unreviewed
CVE-2023-46919 was published Dec 27, 2023
VR-S1000 firmware Ver. 2.37 and earlier uses a hard-coded cryptographic key which may allow an... Moderate Unreviewed
CVE-2023-46711 was published Dec 26, 2023
In Pexip VMR self-service portal before 3, the same SSH host key is used across different... Moderate Unreviewed
CVE-2023-40236 was published Dec 25, 2023
IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or... Moderate Unreviewed
CVE-2023-47704 was published Dec 20, 2023
When installing the Net2 software a root certificate is installed into the trusted store. A... High Unreviewed
CVE-2023-43870 was published Dec 19, 2023
Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard... Critical Unreviewed
CVE-2023-48392 was published Dec 15, 2023
Multisuns EasyLog web+ has a vulnerability of using hard-coded credentials. An remote attacker... Critical Unreviewed
CVE-2023-48388 was published Dec 15, 2023
SmartStar Software CWS is a web-base integration platform, it has a vulnerability of using a hard... Moderate Unreviewed
CVE-2023-48374 was published Dec 15, 2023
Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for... Moderate Unreviewed
CVE-2023-43583 was published Dec 14, 2023
Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login... High Unreviewed
CVE-2023-36651 was published Dec 12, 2023
A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion... High Unreviewed
CVE-2023-36647 was published Dec 12, 2023
NETSCOUT nGeniusPULSE 3.8 has a Hardcoded Cryptographic Key. Critical Unreviewed
CVE-2023-40300 was published Dec 7, 2023
The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard... High Unreviewed
CVE-2023-33413 was published Dec 7, 2023
The affected devices use publicly available default credentials with administrative privileges. Critical Unreviewed
CVE-2023-39169 was published Dec 7, 2023
Unitronics Vision Series PLCs and HMIs use default administrative passwords. An unauthenticated... Critical Unreviewed
CVE-2023-6448 was published Dec 5, 2023
Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate... High Unreviewed
CVE-2023-40464 was published Dec 5, 2023
When configured in debugging mode by an authenticated user with administrative... High Unreviewed
CVE-2023-40463 was published Dec 5, 2023
The password for access to the debugging console of the PoWer Controller chip (PWC) of the MIB3... Low Unreviewed
CVE-2023-28895 was published Dec 1, 2023
Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain hardcoded credentials... Critical Unreviewed
CVE-2023-23324 was published Nov 29, 2023
The FACSChorus software contains sensitive information stored in plaintext. A threat actor could... Moderate Unreviewed
CVE-2023-29064 was published Nov 28, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database