GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
149 advisories
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in...
Critical | Unreviewed | CVE-2022-32518 was published Jan 31, 2023

An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 allows unauthenticated...
Critical | Unreviewed | CVE-2022-45276 was published Nov 23, 2022

patrickfuller camp up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 is...
Critical | Unreviewed | CVE-2022-37109 was published Nov 15, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account.
Critical | Unreviewed | CVE-2020-15347 was published Sep 30, 2022

Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may...
Critical | Unreviewed | CVE-2022-30601 was published Aug 19, 2022

In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible...
Critical | Unreviewed | CVE-2022-30285 was published Aug 3, 2022

Xiaongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS...
Critical | Unreviewed | CVE-2021-41506 was published Jul 1, 2022

Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker...
Critical | Unreviewed | CVE-2022-31887 was published Jun 29, 2022

An attacker with weak credentials could access the TCP port via an open FTP port, allowing an...
Critical | Unreviewed | CVE-2022-2103 was published Jun 25, 2022

The Orca HCM digital learning platform uses a weak factory default administrator password, which...
Critical | Unreviewed | CVE-2021-35965 was published May 24, 2022

In SapphireIMS 5.0, it is possible to take over an account by sending a request to the...
Critical | Unreviewed | CVE-2020-25566 was published May 24, 2022

The manage users profile services of the network camera device allows an authenticated. Remote...
Critical | Unreviewed | CVE-2021-30167 was published May 24, 2022

The Vangene deltaFlow E-platform does not take properly protective measures. Attackers can obtain...
Critical | Unreviewed | CVE-2021-28171 was published May 24, 2022

ECOA BAS controller’s special page displays user account and passwords in plain text, thus...
Critical | Unreviewed | CVE-2021-41300 was published May 24, 2022

Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 1906 – 2011, contain an...
Critical | Unreviewed | CVE-2021-21505 was published May 24, 2022

The sensitive information of webcam device is not properly protected. Remote attackers can...
Critical | Unreviewed | CVE-2021-30168 was published May 24, 2022

A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the...
Critical | Unreviewed | CVE-2019-1384 was published May 24, 2022

Airangel HSMX Gateway devices through 5.2.04 have Weak SSH Credentials.
Critical | Unreviewed | CVE-2021-40520 was published May 24, 2022

Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU...
Critical | Unreviewed | CVE-2021-20597 was published May 24, 2022

Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021.
Critical | Unreviewed | CVE-2021-30116 was published May 24, 2022

Insufficiently Protected Credentials vulnerability exists in homeLYnk (Wiser For KNX) and...
Critical | Unreviewed | CVE-2021-22737 was published May 24, 2022

An issue was discovered in Nitrokey FIDO U2F firmware through 1.1. Communication between the...
Critical | Unreviewed | CVE-2020-12061 was published May 24, 2022

Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01...
Critical | Unreviewed | CVE-2021-27734 was published May 24, 2022

AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclosure vulnerability that allows...
Critical | Unreviewed | CVE-2020-21994 was published May 24, 2022

Realtek xPON RTL9601D SDK 1.9 stores passwords in plaintext which may allow attackers to possibly...
Critical | Unreviewed | CVE-2021-27372 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.