GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
19 advisories
Filter by severity
IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to...
Critical
Unreviewed
CVE-2024-46612
was published
Sep 25, 2024
Password reset tokens are generated using an insecure source of randomness. Attackers who know...
Critical
Unreviewed
CVE-2024-6890
was published
Aug 8, 2024
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All...
Critical
Unreviewed
CVE-2024-30207
was published
May 14, 2024
D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This...
Critical
Unreviewed
CVE-2023-32169
was published
May 3, 2024
SimpleMiningOS through v1259 ships with SSH host keys baked into the installation image, which...
Critical
Unreviewed
CVE-2019-19753
was published
Apr 30, 2024
Intumit SmartRobot uses a fixed encryption key for authentication. Remote attackers can use this...
Critical
Unreviewed
CVE-2024-2413
was published
Mar 13, 2024
Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard...
Critical
Unreviewed
CVE-2023-48392
was published
Dec 15, 2023
EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key
Critical
Unreviewed
CVE-2023-42492
was published
Oct 25, 2023
Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz -...
Critical
Unreviewed
CVE-2023-3632
was published
Aug 9, 2023
Galaxy Software Services Vitals ESP is vulnerable to using a hard-coded encryption key. An...
Critical
Unreviewed
CVE-2023-37291
was published
Jul 21, 2023
Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious...
Critical
Unreviewed
CVE-2023-2158
was published
Jul 6, 2023
Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device...
Critical
Unreviewed
CVE-2022-2641
was published
Jul 6, 2023
An authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality...
Critical
Unreviewed
CVE-2023-22844
was published
Jul 6, 2023
AMI SPx contains a vulnerability in the BMC where an Attacker may cause a use of hard-coded...
Critical
Unreviewed
CVE-2023-34338
was published
Jul 5, 2023
Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions...
Critical
Unreviewed
CVE-2022-29830
was published
Nov 25, 2022
A vulnerability has been identified in Opcenter Quality (All versions < V12.2), QMS Automotive ...
Critical
Unreviewed
CVE-2021-27389
was published
May 24, 2022
minerstat msOS before 2019-10-23 does not have a unique SSH key for each instance of the product.
Critical
Unreviewed
CVE-2019-19750
was published
May 24, 2022
Metasys? ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a hardcoded RC2 key for...
Critical
Unreviewed
CVE-2019-7594
was published
May 24, 2022
A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version...
Critical
Unreviewed
CVE-2017-14021
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API