Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
46
Go
3,270
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,517
Pub
12
RubyGems
998
Rust
1,194
Swift
51
Unreviewed advisories
All unreviewed
5,000+

190 advisories

Loading
It is possible to download the configuration backup without authorization and decrypt included... High Unreviewed
CVE-2023-49256 was published Jan 12, 2024
Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard... Critical Unreviewed
CVE-2023-48392 was published Dec 15, 2023
Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate... High Unreviewed
CVE-2023-40464 was published Dec 5, 2023
A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE... Moderate Unreviewed
CVE-2023-44318 was published Nov 14, 2023
Symmetric encryption used to protect messages between the AppsAnywhere server and client can be... High Unreviewed
CVE-2023-41137 was published Nov 9, 2023
xkeys seal encryption used fixed key for all encryption High
CVE-2023-46129 was published for github.com/nats-io/nats-server/v2 (Go) Oct 31, 2023
tinou98 Credited to tinou98
EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key Critical Unreviewed
CVE-2023-42492 was published Oct 25, 2023
Duplicate Advisory: EVE Has Partially Predetermined Vault Key High
GHSA-hx74-4wmc-fwvf was published for github.com/lf-edge/eve (Go) Sep 21, 2023 withdrawn
A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may... Moderate Unreviewed
CVE-2023-39982 was published Sep 2, 2023
The ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private... Moderate Unreviewed
CVE-2023-3404 was published Aug 31, 2023
Netmaker has Hardcoded DNS Secret Key High
CVE-2023-32077 was published for github.com/gravitl/netmaker (Go) Aug 25, 2023
rootxharsh Credited to rootxharsh and iamnoooob iamnoooob iamnoooob
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys... Moderate Unreviewed
CVE-2023-4328 was published Aug 15, 2023
Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz -... Critical Unreviewed
CVE-2023-3632 was published Aug 9, 2023
The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information... Moderate Unreviewed
CVE-2023-3947 was published Jul 26, 2023
Galaxy Software Services Vitals ESP is vulnerable to using a hard-coded encryption key. An... Critical Unreviewed
CVE-2023-37291 was published Jul 21, 2023
Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a cryptographic vulnerability that... Moderate Unreviewed
CVE-2023-35763 was published Jul 18, 2023
Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS, SonicWall Analytics. This... High Unreviewed
CVE-2023-34123 was published Jul 13, 2023
Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious... Critical Unreviewed
CVE-2023-2158 was published Jul 6, 2023
Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device... Critical Unreviewed
CVE-2022-2641 was published Jul 6, 2023
An authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality... Critical Unreviewed
CVE-2023-22844 was published Jul 6, 2023
AMI SPx contains a vulnerability in the BMC where an Attacker may cause a use of hard-coded... Critical Unreviewed
CVE-2023-34338 was published Jul 5, 2023
The User Registration plugin for WordPress is vulnerable to Sensitive Information Exposure due to... High Unreviewed
CVE-2023-3371 was published Jun 27, 2023
Rockwell Automation's FactoryTalk System Services uses a hard-coded cryptographic key to... High Unreviewed
CVE-2023-2637 was published Jun 13, 2023
AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific... Moderate Unreviewed
CVE-2023-21404 was published May 8, 2023
MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the... High Unreviewed
CVE-2023-0391 was published Mar 21, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database