GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
19 advisories
CasaOS contains weak JWT secrets
Critical • CVE-2023-37266 was published for github.com/IceWhaleTech/CasaOS (Go) • Jul 17, 2023

The Priva TopControl Suite contains predictable credentials for the SSH service, based on the...
High • Unreviewed • CVE-2022-3010 was published • Jan 2, 2024

Moodle Temporary Passwords are Brute Force-able
High • CVE-2014-7845 was published for moodle/moodle (Composer) • May 13, 2022

The vulnerability allows a remote attacker to access sensitive data inside exported packages or...
High • Unreviewed • CVE-2023-48257 was published • Jan 10, 2024

Gessler GmbH WEB-MASTER has a restoration account that uses weak hard coded credentials and if...
Critical • Unreviewed • CVE-2024-1039 was published • Feb 2, 2024

The affected product exposes multiple sensitive data fields of the affected product. An attacker...
Critical • Unreviewed • CVE-2022-46738 was published • May 23, 2023

Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password...
Moderate • Unreviewed • CVE-2023-3470 was published • Aug 2, 2023

The MSI installer for Splashtop Streamer for Windows before 3.6.2.0 uses a temporary folder with...
High • Unreviewed • CVE-2024-42051 was published • Jul 28, 2024

Longse model LBH30FE200W cameras, as well as products based on this device, make use of telnet...
High • Unreviewed • CVE-2024-5634 was published • Jul 9, 2024

Under certain circumstances the Software House C●CURE 9000 installer will utilize weak credentials.
High • Unreviewed • CVE-2024-32759 was published • Jul 10, 2024

In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password).
High • Unreviewed • CVE-2024-28066 was published • Apr 8, 2024

A weak credential vulnerability exists in Firewalla Box Software versions before 1.979. This...
High • Unreviewed • CVE-2024-40892 was published • Aug 12, 2024

Improper Privilege Management vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise,...
Critical • Unreviewed • CVE-2023-0635 was published • Jul 6, 2023

A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI...
Moderate • Unreviewed • CVE-2023-6951 was published • Apr 2, 2024

Duplicate Advisory: Juju makes Use of Weak Credentials
High • GHSA-phh4-3hmm-24rx was published for github.com/juju/juju (Go) • Oct 2, 2024 • withdrawn

The E2EE password entropy generated by Rocket.Chat Mobile prior to version 4.5.1 is insufficient,...
Moderate • Unreviewed • CVE-2024-42027 was published • Oct 7, 2024

JUJU_CONTEXT_ID is a predictable authentication secret
Moderate • CVE-2024-7558 was published for github.com/juju/juju (Go) • Oct 3, 2024

An unauthenticated remote attacker can perform a brute-force attack on the credentials of the...
High • Unreviewed • CVE-2024-45272 was published • Oct 15, 2024

Kieback & Peter's DDC4000 series uses weak credentials, which may allow an unauthenticated...
Critical • Unreviewed • CVE-2024-43698 was published • Oct 23, 2024