Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,825
Erlang
36
GitHub Actions
32
Go
2,417
Maven
5,000+
npm
4,054
NuGet
723
pip
3,845
Pub
12
RubyGems
933
Rust
1,005
Swift
38
Unreviewed advisories
All unreviewed
5,000+

599 advisories

Loading
An unauthenticated remote attacker can use the hard-coded credentials to access the SmartSPS... Critical Unreviewed
CVE-2024-28747 was published Jul 9, 2024
A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013... Critical Unreviewed
CVE-2023-46685 was published Jul 8, 2024
mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code... Critical Unreviewed
CVE-2024-4708 was published Jul 3, 2024
Hardcoded credentials are discovered within the application's source code, creating a potential... Critical Unreviewed
CVE-2023-41919 was published Jul 2, 2024
luci-app-lucky v2.8.3 was discovered to contain hardcoded credentials. Critical Unreviewed
CVE-2024-39208 was published Jun 27, 2024
TELSAT marKoni FM Transmitters are vulnerable to an attacker exploiting a hidden admin account... Critical Unreviewed
CVE-2024-39374 was published Jun 27, 2024
Use of Hard-coded Credentials vulnerability in Baicells Snap Router BaiCE_BMI on EP3011 (User... Critical Unreviewed
CVE-2023-6198 was published Jun 25, 2024
Use of hard-coded credentials issue exists in Ricoh Streamline NX PC Client ver.3.7.2 and earlier... Critical Unreviewed
CVE-2024-36480 was published Jun 19, 2024
Shenzhen Guoxin Synthesis image system before 8.3.0 has a 123456Qw default password. Critical Unreviewed
CVE-2024-38466 was published Jun 16, 2024
Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator Critical Unreviewed
CVE-2024-29855 was published Jun 11, 2024
Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive... Critical Unreviewed
CVE-2024-3700 was published Jun 10, 2024
Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive... Critical Unreviewed
CVE-2024-1228 was published Jun 10, 2024
Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive... Critical Unreviewed
CVE-2024-3699 was published Jun 10, 2024
TOTOLINK CP300 V2.0.4-B20201102 was discovered to contain a hardcoded password vulnerability in ... Critical Unreviewed
CVE-2024-36782 was published Jun 3, 2024
Hard-coded credentials are used by the  CyberPower PowerPanel platform to authenticate to the ... Critical Unreviewed
CVE-2024-32053 was published May 15, 2024
Weak account password in GE HealthCare EchoPAC products Critical Unreviewed
CVE-2024-27107 was published May 14, 2024
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device... Critical Unreviewed
CVE-2024-32740 was published May 14, 2024
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a hardcoded password for root at ... Critical Unreviewed
CVE-2024-31810 was published May 14, 2024
D-Link D-View InstallApplication Use of Hard-coded Credentials Authentication Bypass... Critical Unreviewed
CVE-2023-44411 was published May 3, 2024
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been... Critical Unreviewed
CVE-2024-3272 was published Apr 4, 2024
Use of Hard-coded Credentials in Kiloview NDI allows un-authenticated users to bypass... Critical Unreviewed
CVE-2024-2161 was published Mar 21, 2024
Chirp Access improperly stores credentials within its source code, potentially exposing... Critical Unreviewed
CVE-2024-2197 was published Mar 20, 2024
Insecure AES key in Yealink Configuration Encrypt Tool below verrsion 1.2. A single, vendorwide,... Critical Unreviewed
CVE-2024-24681 was published Feb 24, 2024
INPRAX "iZZi connect" application on Android contains hard-coded MQTT queue credentials. The same... Critical Unreviewed
CVE-2024-0390 was published Feb 15, 2024
A vulnerability has been identified in Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0)... Critical Unreviewed
CVE-2024-23816 was published Feb 13, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database