GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,231
Erlang
31
GitHub Actions
20
Go
1,991
Maven
5,000+
npm
3,709
NuGet
661
pip
3,341
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
166 advisories
Filter by severity
Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain...
Critical
Unreviewed
CVE-2022-34615
was published
Aug 20, 2022
Contract Management System v2.0 contains a weak default password which gives attackers to access...
High
Unreviewed
CVE-2022-35198
was published
Aug 19, 2022
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not require that users should have...
Critical
Unreviewed
CVE-2022-35280
was published
Aug 11, 2022
Raneto v0.17.0 employs weak password complexity requirements
Critical
CVE-2022-35143
was published
for
raneto
(npm)
Aug 5, 2022
BF-OS version 3.x up to and including 3.83 do not enforce strong passwords which may allow a...
High
Unreviewed
CVE-2022-36301
was published
Aug 2, 2022
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank root password for TELNET...
Critical
Unreviewed
CVE-2022-31211
was published
Jul 18, 2022
On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices,...
High
Unreviewed
CVE-2022-28377
was published
Jul 15, 2022
Weak default root user credentials allow remote attackers to easily obtain OS superuser...
Critical
Unreviewed
CVE-2022-1668
was published
Jun 25, 2022
Weak Password Requirements in GitHub repository kromitgmbh/titra prior to 0.78.1.
Critical
Unreviewed
CVE-2022-2098
was published
Jun 17, 2022
An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The default pre-shared key...
High
Unreviewed
CVE-2022-30325
was published
Jun 17, 2022
Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password...
High
Unreviewed
CVE-2022-29729
was published
Jun 3, 2022
Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak password requirement...
High
Unreviewed
CVE-2022-29098
was published
Jun 2, 2022
In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not...
High
Unreviewed
CVE-2021-25923
was published
May 24, 2022
Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before...
High
Unreviewed
CVE-2020-15369
was published
May 24, 2022
A flaw was found in Samba, all versions starting samba 4.5.0 until samba 4.9.15, samba 4.10.10,...
Moderate
Unreviewed
CVE-2019-14833
was published
May 24, 2022
IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong...
Moderate
Unreviewed
CVE-2019-4565
was published
May 24, 2022
IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for...
High
Unreviewed
CVE-2019-4321
was published
May 24, 2022
IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong...
High
Unreviewed
CVE-2019-4235
was published
May 24, 2022
A local attacker could bypass the app password using a race condition in Sophos Secure Workspace...
High
Unreviewed
CVE-2021-36808
was published
May 24, 2022
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 does not enforce an efficient...
Critical
Unreviewed
CVE-2021-38462
was published
May 24, 2022
The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, and...
Critical
Unreviewed
CVE-2021-35498
was published
May 24, 2022
ECOA BAS controller uses weak set of default administrative credentials that can be easily...
Critical
Unreviewed
CVE-2021-41296
was published
May 24, 2022
BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow the user to set a weak password because...
Moderate
Unreviewed
CVE-2021-28914
was published
May 24, 2022
IBM Security Guardium 11.2 does not require that users should have strong passwords by default,...
Critical
Unreviewed
CVE-2021-20418
was published
May 24, 2022
A vulnerability in the change password API of Cisco Connected Mobile Experiences (CMX) could...
Moderate
Unreviewed
CVE-2021-1522
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API