Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,218
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

47 advisories

Loading
In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new... Critical Unreviewed
CVE-2023-49238 was published Jan 9, 2024
An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to gain... Critical Unreviewed
CVE-2023-24049 was published Dec 5, 2023
An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via... Critical Unreviewed
CVE-2023-29974 was published Nov 8, 2023
HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the... Critical Unreviewed
CVE-2023-37503 was published Oct 19, 2023
I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for... Critical Unreviewed
CVE-2023-37756 was published Sep 14, 2023
There are no requirements for setting a complex password for PiiGAB M-Bus, which... Critical Unreviewed
CVE-2023-34995 was published Jul 7, 2023
A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been... Critical Unreviewed
CVE-2023-0641 was published Feb 2, 2023
A CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain... Critical Unreviewed
CVE-2022-32513 was published Jan 31, 2023
Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20181130-16:12) has a Weak... Critical Unreviewed
CVE-2022-44236 was published Dec 15, 2022
Lazy Mouse server enforces weak password requirements and doesn't implement rate limiting,... Critical Unreviewed
CVE-2022-45482 was published Dec 2, 2022
Weak Password Requirements in GitHub repository ikus060/minarca prior to 4.2.2. Critical Unreviewed
CVE-2022-3268 was published Sep 23, 2022
Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain... Critical Unreviewed
CVE-2022-37164 was published Sep 9, 2022
Bminusl IHateToBudget v1.5.7 employs a weak password policy which allows attackers to potentially... Critical Unreviewed
CVE-2022-37163 was published Sep 9, 2022
RuoYi v3.8.3 has a Weak password vulnerability in the management system. Critical Unreviewed
CVE-2022-37158 was published Aug 26, 2022
Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain... Critical Unreviewed
CVE-2022-34615 was published Aug 20, 2022
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not require that users should have... Critical Unreviewed
CVE-2022-35280 was published Aug 11, 2022
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank root password for TELNET... Critical Unreviewed
CVE-2022-31211 was published Jul 18, 2022
Weak default root user credentials allow remote attackers to easily obtain OS superuser... Critical Unreviewed
CVE-2022-1668 was published Jun 25, 2022
Weak Password Requirements in GitHub repository kromitgmbh/titra prior to 0.78.1. Critical Unreviewed
CVE-2022-2098 was published Jun 17, 2022
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 does not enforce an efficient... Critical Unreviewed
CVE-2021-38462 was published May 24, 2022
The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, and... Critical Unreviewed
CVE-2021-35498 was published May 24, 2022
ECOA BAS controller uses weak set of default administrative credentials that can be easily... Critical Unreviewed
CVE-2021-41296 was published May 24, 2022
IBM Security Guardium 11.2 does not require that users should have strong passwords by default,... Critical Unreviewed
CVE-2021-20418 was published May 24, 2022
An access control vulnerability in Hame SD1 Wi-Fi firmware <=V.20140224154640 allows an attacker... Critical Unreviewed
CVE-2021-26797 was published May 24, 2022
A weak password requirement vulnerability exists in the Create New User function of MintHCM... Critical Unreviewed
CVE-2021-25839 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database