GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
95 advisories
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All...
Critical | Unreviewed | CVE-2024-30207 was published May 14, 2024

A hard-coded AES key vulnerability was reported in the Motorola GuideMe application, along with...
Moderate | Unreviewed | CVE-2024-3109 was published May 3, 2024

Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptographic Key Information Disclosure...
High | Unreviewed | CVE-2023-39465 was published May 3, 2024

Softing Secure Integration Server Hardcoded Cryptographic Key Information Disclosure...
Moderate | Unreviewed | CVE-2023-39482 was published May 3, 2024

D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This...
Critical | Unreviewed | CVE-2023-32169 was published May 3, 2024

HiveOS through 0.6-102@191212 ships with SSH host keys baked into the installation image, which...
Moderate | Unreviewed | CVE-2019-19754 was published Apr 30, 2024

SimpleMiningOS through v1259 ships with SSH host keys baked into the installation image, which...
Critical | Unreviewed | CVE-2019-19753 was published Apr 30, 2024

Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP...
High | Unreviewed | CVE-2024-33891 was published Apr 29, 2024

The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native...
High | Unreviewed | CVE-2024-30407 was published Apr 12, 2024

Use of Hard-coded Cryptographic Key vulnerability in OpenText™ Exceed Turbo X affecting versions...
Moderate | Unreviewed | CVE-2023-38535 was published Mar 14, 2024

Intumit SmartRobot uses a fixed encryption key for authentication. Remote attackers can use this...
Critical | Unreviewed | CVE-2024-2413 was published Mar 13, 2024

A vulnerability, which was classified as critical, has been found in osuuu LightPicture up to 1.2...
Moderate | Unreviewed | CVE-2024-1920 was published Feb 27, 2024

@nfid/embed has compromised private key due to @dfinity/auth-client producing insecure session keys
Critical | GHSA-84c3-j8r2-mcm8 was published for @nfid/embed (npm) Feb 26, 2024

agent-js: Insecure Key Generation in `Ed25519KeyIdentity.generate`
Critical | CVE-2024-1631 was published for @dfinity/auth-client (npm) Feb 21, 2024

Yealink Config Encrypt Tool add RSA before 1.2 has a built-in RSA key pair, and thus there is a...
High | Unreviewed | CVE-2022-48625 was published Feb 20, 2024

A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been declared as problematic....
Low | Unreviewed | CVE-2024-1258 was published Feb 6, 2024

Use of encryption key derived from static information in Synaptics Fingerprint Driver allows an...
Moderate | Unreviewed | CVE-2023-6482 was published Jan 27, 2024

It is possible to download the configuration backup without authorization and decrypt included...
High | Unreviewed | CVE-2023-49256 was published Jan 12, 2024

Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard...
Critical | Unreviewed | CVE-2023-48392 was published Dec 15, 2023

Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate...
High | Unreviewed | CVE-2023-40464 was published Dec 5, 2023

A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE...
Moderate | Unreviewed | CVE-2023-44318 was published Nov 14, 2023

Symmetric encryption used to protect messages between the AppsAnywhere server and client can be...
High | Unreviewed | CVE-2023-41137 was published Nov 9, 2023

xkeys seal encryption used fixed key for all encryption
High | CVE-2023-46129 was published for github.com/nats-io/nats-server/v2 (Go) Oct 31, 2023

EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key
Critical | Unreviewed | CVE-2023-42492 was published Oct 25, 2023

Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key...
High | Unreviewed | CVE-2023-43637 was published Sep 21, 2023