Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+

51 advisories

Loading
The weak password on the web user interface can be exploited via HTTP or HTTPS. Once such access... Critical Unreviewed
CVE-2022-1039 was published Apr 21, 2022
Weak Password Requirements in UnboundID LDAP SDK Critical
CVE-2018-1000134 was published for com.unboundid:unboundid-ldapsdk (Maven) May 13, 2022
Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak password at the Operating... Critical Unreviewed
CVE-2020-26201 was published May 24, 2022
Weak Password Requirements in GitHub repository kromitgmbh/titra prior to 0.78.1. Critical Unreviewed
CVE-2022-2098 was published Jun 17, 2022
Weak default root user credentials allow remote attackers to easily obtain OS superuser... Critical Unreviewed
CVE-2022-1668 was published Jun 25, 2022
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank root password for TELNET... Critical Unreviewed
CVE-2022-31211 was published Jul 18, 2022
Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20181130-16:12) has a Weak... Critical Unreviewed
CVE-2022-44236 was published Dec 15, 2022
Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain... Critical Unreviewed
CVE-2022-34615 was published Aug 20, 2022
Weak Password Requirements in GitHub repository polonel/trudesk prior to 1.2.2. Critical Unreviewed
CVE-2022-1775 was published May 21, 2022
RuoYi v3.8.3 has a Weak password vulnerability in the management system. Critical Unreviewed
CVE-2022-37158 was published Aug 26, 2022
Versions of the Official teamspeak Docker images through 3.6.0 contain a blank password for the... Critical Unreviewed
CVE-2020-29590 was published May 24, 2022
Versions of the Official registry Docker images through 2.7.0 contain a blank password for the... Critical Unreviewed
CVE-2020-29591 was published May 24, 2022
A weak password requirement vulnerability exists in the Create New User function of MintHCM... Critical Unreviewed
CVE-2021-25839 was published May 24, 2022
An access control vulnerability in Hame SD1 Wi-Fi firmware <=V.20140224154640 allows an attacker... Critical Unreviewed
CVE-2021-26797 was published May 24, 2022
IBM Security Guardium 11.2 does not require that users should have strong passwords by default,... Critical Unreviewed
CVE-2021-20418 was published May 24, 2022
ECOA BAS controller uses weak set of default administrative credentials that can be easily... Critical Unreviewed
CVE-2021-41296 was published May 24, 2022
The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, and... Critical Unreviewed
CVE-2021-35498 was published May 24, 2022
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 does not enforce an efficient... Critical Unreviewed
CVE-2021-38462 was published May 24, 2022
phpMyFAQ contains Weak Password Requirements Critical
CVE-2022-3754 was published for thorsten/phpmyfaq (Composer) Oct 29, 2022
Raneto v0.17.0 employs weak password complexity requirements Critical
CVE-2022-35143 was published for raneto (npm) Aug 5, 2022
Lazy Mouse server enforces weak password requirements and doesn't implement rate limiting,... Critical Unreviewed
CVE-2022-45482 was published Dec 2, 2022
Weak Password Requirements in GitHub repository ikus060/minarca prior to 4.2.2. Critical Unreviewed
CVE-2022-3268 was published Sep 23, 2022
Bminusl IHateToBudget v1.5.7 employs a weak password policy which allows attackers to potentially... Critical Unreviewed
CVE-2022-37163 was published Sep 9, 2022
An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. /admin/access accepts a request to... Critical Unreviewed
CVE-2019-7674 was published May 13, 2022
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. The "user" account has a blank... Critical Unreviewed
CVE-2019-9123 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database