GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
63 advisories
A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could...
High | Unreviewed | CVE-2024-20350 was published Sep 25, 2024
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys...
Moderate | Unreviewed | CVE-2023-4328 was published Aug 15, 2023
IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to...
Critical | Unreviewed | CVE-2024-46612 was published Sep 25, 2024
Yealink Config Encrypt Tool add RSA before 1.2 has a built-in RSA key pair, and thus there is a...
High | Unreviewed | CVE-2022-48625 was published Feb 20, 2024
Avtec Outpost uses a default cryptographic key that can be used to decrypt sensitive information.
High | Unreviewed | CVE-2024-42418 was published Aug 22, 2024
Password reset tokens are generated using an insecure source of randomness. Attackers who know...
Critical | Unreviewed | CVE-2024-6890 was published Aug 8, 2024
SimpleMiningOS through v1259 ships with SSH host keys baked into the installation image, which...
Critical | Unreviewed | CVE-2019-19753 was published Apr 30, 2024
A vulnerability in Cisco Intelligent Node (iNode) Software could allow an unauthenticated, remote...
High | Unreviewed | CVE-2024-20323 was published Jul 17, 2024
HiveOS through 0.6-102@191212 ships with SSH host keys baked into the installation image, which...
Unknown | Unreviewed | CVE-2019-19754 was published Apr 30, 2024
Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP...
High | Unreviewed | CVE-2024-33891 was published Apr 29, 2024
minerstat msOS before 2019-10-23 does not have a unique SSH key for each instance of the product.
Critical | Unreviewed | CVE-2019-19750 was published May 24, 2022
A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE...
Moderate | Unreviewed | CVE-2023-44318 was published Nov 14, 2023
The devices which CyberPower PowerPanel manages use identical certificates based on a hard-coded...
High | Unreviewed | CVE-2024-31410 was published May 15, 2024
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All...
Critical | Unreviewed | CVE-2024-30207 was published May 14, 2024
A hard-coded AES key vulnerability was reported in the Motorola GuideMe application, along with...
Moderate | Unreviewed | CVE-2024-3109 was published May 3, 2024
Softing Secure Integration Server Hardcoded Cryptographic Key Information Disclosure...
Moderate | Unreviewed | CVE-2023-39482 was published May 3, 2024
Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptographic Key Information Disclosure...
High | Unreviewed | CVE-2023-39465 was published May 3, 2024
D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This...
Critical | Unreviewed | CVE-2023-32169 was published May 3, 2024
A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been declared as problematic....
Low | Unreviewed | CVE-2024-1258 was published Feb 6, 2024
A vulnerability, which was classified as critical, has been found in osuuu LightPicture up to 1.2...
Moderate | Unreviewed | CVE-2024-1920 was published Feb 27, 2024
The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native...
High | Unreviewed | CVE-2024-30407 was published Apr 12, 2024
Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a...
High | Unreviewed | CVE-2022-2660 was published Dec 14, 2022
Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key...
High | Unreviewed | CVE-2023-43637 was published Sep 21, 2023
The ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private...
Moderate | Unreviewed | CVE-2023-3404 was published Aug 31, 2023
Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz -...
Critical | Unreviewed | CVE-2023-3632 was published Aug 9, 2023
ProTip! Advisories are also available from the GraphQL API.