GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,318
Erlang
31
GitHub Actions
21
Go
2,074
Maven
5,000+
npm
3,746
NuGet
674
pip
3,434
Pub
12
RubyGems
892
Rust
880
Swift
37
Unreviewed advisories
All unreviewed
5,000+
552 advisories
Filter by severity
Harmonic NSG 9000 devices have a default password of nsgadmin for the admin account, a default...
Critical
Unreviewed
CVE-2018-14943
was published
May 14, 2022
Multiple hardcoded credentials in Xsuite 2.x.
Critical
Unreviewed
CVE-2015-4667
was published
May 14, 2022
Softing FG-100 PB PROFIBUS firmware version FG-x00-PB_V2.02.0.00 contains a hardcoded password...
Critical
Unreviewed
CVE-2014-6617
was published
May 14, 2022
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9...
Critical
Unreviewed
CVE-2018-10575
was published
May 14, 2022
Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 have Cassandra service...
Critical
Unreviewed
CVE-2018-0038
was published
May 14, 2022
Use of Hard-coded Credentials in /var/www/xms/application/controllers/gatherLogs.php in the...
Critical
Unreviewed
CVE-2018-11641
was published
May 14, 2022
Sollae Serial-Ethernet-Module and Remote-I/O-Device-Server devices have a default password of...
Critical
Unreviewed
CVE-2018-12924
was published
May 14, 2022
Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a default factory account. Remote...
Critical
Unreviewed
CVE-2018-12526
was published
May 14, 2022
In the web server on D-Link DIR-620 devices with a certain customized (by ISP) variant of...
Critical
Unreviewed
CVE-2018-6213
was published
May 14, 2022
The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with...
Critical
Unreviewed
CVE-2014-3413
was published
May 14, 2022
/usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL...
Critical
Unreviewed
CVE-2018-11482
was published
May 14, 2022
A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO...
Critical
Unreviewed
CVE-2018-11311
was published
May 14, 2022
An issue was discovered on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ExportSettings.sh, /goform...
Critical
Unreviewed
CVE-2018-11094
was published
May 14, 2022
A low privileged admin account with a weak default password of admin exists on the Foxconn FEMTO...
Critical
Unreviewed
CVE-2018-9112
was published
May 14, 2022
Meross MSS110 devices before 1.1.24 contain a TELNET listener providing access for an...
Critical
Unreviewed
CVE-2018-6401
was published
May 14, 2022
The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to...
Critical
Unreviewed
CVE-2017-17539
was published
May 14, 2022
The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain...
Critical
Unreviewed
CVE-2017-17540
was published
May 14, 2022
Directus 6.4.9 has a hardcoded admin password for the Admin account because of an INSERT...
Critical
Unreviewed
CVE-2018-10723
was published
May 14, 2022
Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers to discover the hardcoded...
Critical
Unreviewed
CVE-2018-9161
was published
May 14, 2022
A remote, unauthenticated attacker can gain remote code execution on the the Tenda AC15 router...
Critical
Unreviewed
CVE-2018-5768
was published
May 14, 2022
EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains...
Critical
Unreviewed
CVE-2017-8013
was published
May 14, 2022
A hard-coded password vulnerability was discovered in vApp Manager which is embedded in Dell EMC...
Critical
Unreviewed
CVE-2018-1216
was published
May 14, 2022
An issue was discovered on Wireless IP Camera 360 devices. Remote attackers can discover a weakly...
Critical
Unreviewed
CVE-2017-11634
was published
May 14, 2022
Datto ALTO and SIRIS devices have a default VNC password.
Critical
Unreviewed
CVE-2015-9254
was published
May 14, 2022
backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of '!~@#...
Critical
Unreviewed
CVE-2014-3205
was published
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API