GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
81 advisories
Filter by severity
Symmetric encryption used to protect messages between the AppsAnywhere server and client can be...
High
Unreviewed
CVE-2023-41137
was published
Nov 9, 2023
xkeys seal encryption used fixed key for all encryption
High
CVE-2023-46129
was published
for
github.com/nats-io/nats-server/v2
(Go)
Oct 31, 2023
Several versions of
ALEOS, including ALEOS 4.16.0, use a hardcoded
SSL certificate...
High
Unreviewed
CVE-2023-40464
was published
Dec 5, 2023
A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version...
Critical
Unreviewed
CVE-2017-14021
was published
May 13, 2022
A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco...
High
Unreviewed
CVE-2022-20868
was published
Nov 4, 2022
Use of encryption key derived from static information in Synaptics Fingerprint Driver allows
an...
Moderate
Unreviewed
CVE-2023-6482
was published
Jan 27, 2024
A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an...
High
Unreviewed
CVE-2023-20038
was published
Jan 20, 2023
agent-js: Insecure Key Generation in `Ed25519KeyIdentity.generate`
Critical
CVE-2024-1631
was published
for
@dfinity/auth-client
(npm)
Feb 21, 2024
@nfid/embed has compromised private key due to @dfinity/auth-client producing insecure session keys
Critical
GHSA-84c3-j8r2-mcm8
was published
for
@nfid/embed
(npm)
Feb 26, 2024
Intumit SmartRobot uses a fixed encryption key for authentication. Remote attackers can use this...
Critical
Unreviewed
CVE-2024-2413
was published
Mar 13, 2024
Use of Hard-coded Cryptographic Key vulnerability in OpenText™ Exceed Turbo X affecting versions...
Moderate
Unreviewed
CVE-2023-38535
was published
Mar 14, 2024
Metasys? ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a hardcoded RC2 key for...
Critical
Unreviewed
CVE-2019-7594
was published
May 24, 2022
Rockwell Automation's FactoryTalk System Services uses a hard-coded cryptographic key to...
High
Unreviewed
CVE-2023-2637
was published
Jun 13, 2023
The User Registration plugin for WordPress is vulnerable to Sensitive Information Exposure due to...
High
Unreviewed
CVE-2023-3371
was published
Jun 27, 2023
AMI SPx contains a vulnerability in the BMC where an Attacker may cause a use of hard-coded...
Critical
Unreviewed
CVE-2023-34338
was published
Jul 5, 2023
An authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality...
Critical
Unreviewed
CVE-2023-22844
was published
Jul 6, 2023
Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device...
Critical
Unreviewed
CVE-2022-2641
was published
Jul 6, 2023
Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious...
Critical
Unreviewed
CVE-2023-2158
was published
Jul 6, 2023
Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS, SonicWall Analytics. This...
High
Unreviewed
CVE-2023-34123
was published
Jul 13, 2023
Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a cryptographic vulnerability that...
Moderate
Unreviewed
CVE-2023-35763
was published
Jul 18, 2023
The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information...
Moderate
Unreviewed
CVE-2023-3947
was published
Jul 26, 2023
Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz -...
Critical
Unreviewed
CVE-2023-3632
was published
Aug 9, 2023
The ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private...
Moderate
Unreviewed
CVE-2023-3404
was published
Aug 31, 2023
Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key...
High
Unreviewed
CVE-2023-43637
was published
Sep 21, 2023
Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a...
High
Unreviewed
CVE-2022-2660
was published
Dec 14, 2022
ProTip!
Advisories are also available from the
GraphQL API