GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
77 advisories
Filter by severity
A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with...
Moderate
Unreviewed
CVE-2024-20280
was published
Oct 16, 2024
A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could...
High
Unreviewed
CVE-2024-20350
was published
Sep 25, 2024
IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to...
Critical
Unreviewed
CVE-2024-46612
was published
Sep 25, 2024
Dragonfly2 has hard coded cyptographic key
Critical
CVE-2023-27584
was published
for
d7y.io/dragonfly/v2
(Go)
Sep 19, 2024
Avtec Outpost uses a default cryptographic key that can be used to decrypt sensitive information.
High
Unreviewed
CVE-2024-42418
was published
Aug 22, 2024
Password reset tokens are generated using an insecure source of randomness. Attackers who know...
Critical
Unreviewed
CVE-2024-6890
was published
Aug 8, 2024
NetBird uses a static initialization vector (IV)
High
CVE-2024-41260
was published
for
github.com/netbirdio/netbird
(Go)
Aug 1, 2024
A vulnerability in Cisco Intelligent Node (iNode) Software could allow an unauthenticated, remote...
High
Unreviewed
CVE-2024-20323
was published
Jul 17, 2024
The devices which CyberPower PowerPanel manages use identical certificates based on a
hard-coded...
High
Unreviewed
CVE-2024-31410
was published
May 15, 2024
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All...
Critical
Unreviewed
CVE-2024-30207
was published
May 14, 2024
A hard-coded AES key vulnerability was reported in the Motorola GuideMe application, along with...
Moderate
Unreviewed
CVE-2024-3109
was published
May 3, 2024
Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptograhic Key Information Disclosure...
High
Unreviewed
CVE-2023-39465
was published
May 3, 2024
Softing Secure Integration Server Hardcoded Cryptographic Key Information Disclosure...
Moderate
Unreviewed
CVE-2023-39482
was published
May 3, 2024
D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This...
Critical
Unreviewed
CVE-2023-32169
was published
May 3, 2024
HiveOS through 0.6-102@191212 ships with SSH host keys baked into the installation image, which...
Unknown
Unreviewed
CVE-2019-19754
was published
Apr 30, 2024
SimpleMiningOS through v1259 ships with SSH host keys baked into the installation image, which...
Critical
Unreviewed
CVE-2019-19753
was published
Apr 30, 2024
Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP...
High
Unreviewed
CVE-2024-33891
was published
Apr 29, 2024
The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native...
High
Unreviewed
CVE-2024-30407
was published
Apr 12, 2024
Use of Hard-coded Cryptographic Key vulnerability in OpenText™ Exceed Turbo X affecting versions...
Moderate
Unreviewed
CVE-2023-38535
was published
Mar 14, 2024
Intumit SmartRobot uses a fixed encryption key for authentication. Remote attackers can use this...
Critical
Unreviewed
CVE-2024-2413
was published
Mar 13, 2024
A vulnerability, which was classified as critical, has been found in osuuu LightPicture up to 1.2...
Moderate
Unreviewed
CVE-2024-1920
was published
Feb 27, 2024
@nfid/embed has compromised private key due to @dfinity/auth-client producing insecure session keys
Critical
GHSA-84c3-j8r2-mcm8
was published
for
@nfid/embed
(npm)
Feb 26, 2024
agent-js: Insecure Key Generation in `Ed25519KeyIdentity.generate`
Critical
CVE-2024-1631
was published
for
@dfinity/auth-client
(npm)
Feb 21, 2024
Yealink Config Encrypt Tool add RSA before 1.2 has a built-in RSA key pair, and thus there is a...
High
Unreviewed
CVE-2022-48625
was published
Feb 20, 2024
A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been declared as problematic....
Low
Unreviewed
CVE-2024-1258
was published
Feb 6, 2024
ProTip!
Advisories are also available from the
GraphQL API