Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

85 advisories

Loading
Logsign Unified SecOps Platform HTTP API Hard-coded Cryptographic Key Remote Code Execution... High Unreviewed
CVE-2024-5722 was published Nov 22, 2024
Use of hard-coded cryptographic key issue exists in AIPHONE IX SYSTEM, IXG SYSTEM, and System... Moderate Unreviewed
CVE-2024-45837 was published Nov 22, 2024
Use of hard-coded cryptographic key issue exists in "Kura Sushi Official App Produced by EPARK"... Moderate Unreviewed
CVE-2024-52614 was published Nov 20, 2024
The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt... Moderate Unreviewed
CVE-2024-11308 was published Nov 18, 2024
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected... Moderate Unreviewed
CVE-2024-46889 was published Nov 12, 2024
AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific... Moderate Unreviewed
CVE-2023-21404 was published May 8, 2023
HiveOS through 0.6-102@191212 ships with SSH host keys baked into the installation image, which... Moderate Unreviewed
CVE-2019-19754 was published Apr 30, 2024
A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with... Moderate Unreviewed
CVE-2024-20280 was published Oct 16, 2024
A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may... Moderate Unreviewed
CVE-2023-39982 was published Sep 2, 2023
IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information... Moderate Unreviewed
CVE-2024-38314 was published Oct 24, 2024
Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard... Critical Unreviewed
CVE-2023-48392 was published Dec 15, 2023
Galaxy Software Services Vitals ESP is vulnerable to using a hard-coded encryption key. An... Critical Unreviewed
CVE-2023-37291 was published Jul 21, 2023
It is possible to download the configuration backup without authorization and decrypt included... High Unreviewed
CVE-2023-49256 was published Jan 12, 2024
Dragonfly2 has hard coded cyptographic key Critical
CVE-2023-27584 was published for d7y.io/dragonfly/v2 (Go) Sep 19, 2024
cokeBeer
A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could... High Unreviewed
CVE-2024-20350 was published Sep 25, 2024
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys... Moderate Unreviewed
CVE-2023-4328 was published Aug 15, 2023
IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to... Critical Unreviewed
CVE-2024-46612 was published Sep 25, 2024
Yealink Config Encrypt Tool add RSA before 1.2 has a built-in RSA key pair, and thus there is a... High Unreviewed
CVE-2022-48625 was published Feb 20, 2024
Avtec Outpost uses a default cryptographic key that can be used to decrypt sensitive information. High Unreviewed
CVE-2024-42418 was published Aug 22, 2024
NetBird uses a static initialization vector (IV) High
CVE-2024-41260 was published for github.com/netbirdio/netbird (Go) Aug 1, 2024
Password reset tokens are generated using an insecure source of randomness. Attackers who know... Critical Unreviewed
CVE-2024-6890 was published Aug 8, 2024
SimpleMiningOS through v1259 ships with SSH host keys baked into the installation image, which... Critical Unreviewed
CVE-2019-19753 was published Apr 30, 2024
A vulnerability in Cisco Intelligent Node (iNode) Software could allow an unauthenticated, remote... High Unreviewed
CVE-2024-20323 was published Jul 17, 2024
Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP... High Unreviewed
CVE-2024-33891 was published Apr 29, 2024
minerstat msOS before 2019-10-23 does not have a unique SSH key for each instance of the product. Critical Unreviewed
CVE-2019-19750 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database