GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
75 advisories
Filter by severity
Logsign Unified SecOps Platform HTTP API Hard-coded Cryptographic Key Remote Code Execution...
High
Unreviewed
CVE-2024-5722
was published
Nov 22, 2024
Use of hard-coded cryptographic key issue exists in AIPHONE IX SYSTEM, IXG SYSTEM, and System...
Moderate
Unreviewed
CVE-2024-45837
was published
Nov 22, 2024
Use of hard-coded cryptographic key issue exists in "Kura Sushi Official App Produced by EPARK"...
Moderate
Unreviewed
CVE-2024-52614
was published
Nov 20, 2024
The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt...
Moderate
Unreviewed
CVE-2024-11308
was published
Nov 18, 2024
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected...
Moderate
Unreviewed
CVE-2024-46889
was published
Nov 12, 2024
AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific...
Moderate
Unreviewed
CVE-2023-21404
was published
May 8, 2023
HiveOS through 0.6-102@191212 ships with SSH host keys baked into the installation image, which...
Moderate
Unreviewed
CVE-2019-19754
was published
Apr 30, 2024
A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with...
Moderate
Unreviewed
CVE-2024-20280
was published
Oct 16, 2024
A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may...
Moderate
Unreviewed
CVE-2023-39982
was published
Sep 2, 2023
IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information...
Moderate
Unreviewed
CVE-2024-38314
was published
Oct 24, 2024
Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard...
Critical
Unreviewed
CVE-2023-48392
was published
Dec 15, 2023
Galaxy Software Services Vitals ESP is vulnerable to using a hard-coded encryption key. An...
Critical
Unreviewed
CVE-2023-37291
was published
Jul 21, 2023
It is possible to download the configuration backup without authorization and decrypt included...
High
Unreviewed
CVE-2023-49256
was published
Jan 12, 2024
A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could...
High
Unreviewed
CVE-2024-20350
was published
Sep 25, 2024
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys...
Moderate
Unreviewed
CVE-2023-4328
was published
Aug 15, 2023
IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to...
Critical
Unreviewed
CVE-2024-46612
was published
Sep 25, 2024
Yealink Config Encrypt Tool add RSA before 1.2 has a built-in RSA key pair, and thus there is a...
High
Unreviewed
CVE-2022-48625
was published
Feb 20, 2024
Avtec Outpost uses a default cryptographic key that can be used to decrypt sensitive information.
High
Unreviewed
CVE-2024-42418
was published
Aug 22, 2024
Password reset tokens are generated using an insecure source of randomness. Attackers who know...
Critical
Unreviewed
CVE-2024-6890
was published
Aug 8, 2024
SimpleMiningOS through v1259 ships with SSH host keys baked into the installation image, which...
Critical
Unreviewed
CVE-2019-19753
was published
Apr 30, 2024
A vulnerability in Cisco Intelligent Node (iNode) Software could allow an unauthenticated, remote...
High
Unreviewed
CVE-2024-20323
was published
Jul 17, 2024
Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP...
High
Unreviewed
CVE-2024-33891
was published
Apr 29, 2024
minerstat msOS before 2019-10-23 does not have a unique SSH key for each instance of the product.
Critical
Unreviewed
CVE-2019-19750
was published
May 24, 2022
A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE...
Moderate
Unreviewed
CVE-2023-44318
was published
Nov 14, 2023
The devices which CyberPower PowerPanel manages use identical certificates based on a
hard-coded...
High
Unreviewed
CVE-2024-31410
was published
May 15, 2024
ProTip!
Advisories are also available from the
GraphQL API