GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
71 advisories
Filter by severity
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected...
Moderate
Unreviewed
CVE-2024-46889
was published
Nov 12, 2024
IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information...
Moderate
Unreviewed
CVE-2024-38314
was published
Oct 24, 2024
A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with...
Moderate
Unreviewed
CVE-2024-20280
was published
Oct 16, 2024
A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could...
High
Unreviewed
CVE-2024-20350
was published
Sep 25, 2024
IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to...
Critical
Unreviewed
CVE-2024-46612
was published
Sep 25, 2024
Avtec Outpost uses a default cryptographic key that can be used to decrypt sensitive information.
High
Unreviewed
CVE-2024-42418
was published
Aug 22, 2024
Password reset tokens are generated using an insecure source of randomness. Attackers who know...
Critical
Unreviewed
CVE-2024-6890
was published
Aug 8, 2024
A vulnerability in Cisco Intelligent Node (iNode) Software could allow an unauthenticated, remote...
High
Unreviewed
CVE-2024-20323
was published
Jul 17, 2024
The devices which CyberPower PowerPanel manages use identical certificates based on a
hard-coded...
High
Unreviewed
CVE-2024-31410
was published
May 15, 2024
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All...
Critical
Unreviewed
CVE-2024-30207
was published
May 14, 2024
A hard-coded AES key vulnerability was reported in the Motorola GuideMe application, along with...
Moderate
Unreviewed
CVE-2024-3109
was published
May 3, 2024
Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptograhic Key Information Disclosure...
High
Unreviewed
CVE-2023-39465
was published
May 3, 2024
Softing Secure Integration Server Hardcoded Cryptographic Key Information Disclosure...
Moderate
Unreviewed
CVE-2023-39482
was published
May 3, 2024
D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This...
Critical
Unreviewed
CVE-2023-32169
was published
May 3, 2024
HiveOS through 0.6-102@191212 ships with SSH host keys baked into the installation image, which...
Moderate
Unreviewed
CVE-2019-19754
was published
Apr 30, 2024
SimpleMiningOS through v1259 ships with SSH host keys baked into the installation image, which...
Critical
Unreviewed
CVE-2019-19753
was published
Apr 30, 2024
Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP...
High
Unreviewed
CVE-2024-33891
was published
Apr 29, 2024
The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native...
High
Unreviewed
CVE-2024-30407
was published
Apr 12, 2024
Use of Hard-coded Cryptographic Key vulnerability in OpenText™ Exceed Turbo X affecting versions...
Moderate
Unreviewed
CVE-2023-38535
was published
Mar 14, 2024
Intumit SmartRobot uses a fixed encryption key for authentication. Remote attackers can use this...
Critical
Unreviewed
CVE-2024-2413
was published
Mar 13, 2024
A vulnerability, which was classified as critical, has been found in osuuu LightPicture up to 1.2...
Moderate
Unreviewed
CVE-2024-1920
was published
Feb 27, 2024
Yealink Config Encrypt Tool add RSA before 1.2 has a built-in RSA key pair, and thus there is a...
High
Unreviewed
CVE-2022-48625
was published
Feb 20, 2024
A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been declared as problematic....
Low
Unreviewed
CVE-2024-1258
was published
Feb 6, 2024
Use of encryption key derived from static information in Synaptics Fingerprint Driver allows
an...
Moderate
Unreviewed
CVE-2023-6482
was published
Jan 27, 2024
It is possible to download the configuration backup without authorization and decrypt included...
High
Unreviewed
CVE-2023-49256
was published
Jan 12, 2024
ProTip!
Advisories are also available from the
GraphQL API