GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,097
Erlang: 29
GitHub Actions: 19
Go: 1,925
Maven: 5,000+
npm: 3,657
NuGet: 638
pip: 3,264
Pub: 10
RubyGems: 873
Rust: 823
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
1,128 advisories
Use of default credentials vulnerability in MR-GM2 firmware Ver. 3.00.03 and earlier, and MR-GM3 ...
Moderate | Unreviewed | CVE-2023-45194 was published Oct 11, 2023
The BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5-debug-sshd containers...
High | Unreviewed | CVE-2023-45226 was published Oct 10, 2023
All versions of the qBittorrent client through 4.5.5 use default credentials when the web user...
Critical | Unreviewed | CVE-2023-30801 was published Oct 10, 2023
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11 (only...
High | Unreviewed | CVE-2023-36380 was published Oct 10, 2023
Qognify NiceVision versions 3.1 and prior are vulnerable to exposing sensitive information...
Critical | Unreviewed | CVE-2023-2306 was published Oct 5, 2023
A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to...
Critical | Unreviewed | CVE-2023-20101 was published Oct 4, 2023
Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 version, the exploitation...
Critical | Unreviewed | CVE-2023-2809 was published Oct 4, 2023
All versions of NetMan 204 allow an attacker that knows the MAC and serial number of the device...
High | Unreviewed | CVE-2022-47891 was published Oct 3, 2023
Microweber uses hard coded credentials
Moderate | CVE-2023-5318 was published for microweber/microweber (Composer) Sep 30, 2023
Vulnerability in the Elasticsearch database used in the of Cisco SD-WAN vManage software could...
High | Unreviewed | CVE-2023-20034 was published Sep 27, 2023
Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key...
High | Unreviewed | CVE-2023-43637 was published Sep 21, 2023
Use of a static key to protect a JWT token used in user authentication can allow an for an...
Critical | Unreviewed | CVE-2023-5074 was published Sep 20, 2023
** UNSUPPORTED WHEN ASSIGNED ** Devices ekorCCP and ekorRCI are vulnerable due to access to the...
Critical | Unreviewed | CVE-2022-47558 was published Sep 19, 2023
Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard-coded passwords. One...
High | Unreviewed | CVE-2023-31808 was published Sep 19, 2023
Hard-coded credentials in Juplink RX4-1500 versions V1.0.2 through V1.0.5 allow unauthenticated...
Moderate | Unreviewed | CVE-2023-41030 was published Sep 18, 2023
An issue in PeppermintLabs Peppermint v.0.2.4 and before allows a remote attacker to obtain...
High | Unreviewed | CVE-2023-42328 was published Sep 18, 2023
An issue in xui-xray v1.8.3 allows attackers to obtain sensitive information via default password.
High | Unreviewed | CVE-2023-41595 was published Sep 18, 2023
An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote attacker to execute arbitrary...
Critical | Unreviewed | CVE-2023-42336 was published Sep 16, 2023
i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default...
Critical | Unreviewed | CVE-2023-37755 was published Sep 14, 2023
A use of hard-coded credentials vulnerability [CWE-798] in FortiTester 2.3.0 through 7.2.3 may...
High | Unreviewed | CVE-2023-40717 was published Sep 13, 2023
Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which...
Moderate | Unreviewed | CVE-2023-27169 was published Sep 12, 2023
The RDPWin.dll component as used in the IRM Next Generation booking engine includes a set of...
High | Unreviewed | CVE-2023-39421 was published Sep 7, 2023
The RDPCore.dll component as used in the IRM Next Generation booking engine, allows a remote user...
High | Unreviewed | CVE-2023-39420 was published Sep 7, 2023
The /irmdata/api/ endpoints exposed by the IRM Next Generation booking engine authenticates...
Critical | Unreviewed | CVE-2023-39422 was published Sep 7, 2023
Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions...
High | Unreviewed | CVE-2023-32619 was published Sep 6, 2023
ProTip! Advisories are also available from the GraphQL API.