Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,321 advisories

Loading
The BeyondCart Connector plugin for WordPress is vulnerable to Privilege Escalation due to... Critical Unreviewed
CVE-2025-8570 was published Sep 11, 2025
CWE-798 Use of Hard-coded Credentials High Unreviewed
CVE-2025-55047 was published Sep 9, 2025
A vulnerability was identified in Cudy LT500E up to 2.3.12. Affected is an unknown function of... Low Unreviewed
CVE-2025-9725 was published Sep 5, 2025
PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default... Critical Unreviewed
CVE-2025-35451 was published Sep 5, 2025
PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use default, shared credentials... Critical Unreviewed
CVE-2025-35452 was published Sep 5, 2025
Clinic Image System developed by Changing contains hard-coded Credentials, allowing... Critical Unreviewed
CVE-2025-8857 was published Aug 29, 2025
hippo4j Includes Hard Coded Secret Key in JWT Creation High
CVE-2025-51606 was published for cn.hippo4j:hippo4j-core (Maven) Aug 21, 2025
IBM Concert Software 1.0.0 through 1.1.0 contains hard-coded credentials, such as a password or... Moderate Unreviewed
CVE-2025-33100 was published Aug 18, 2025
A security issue was discovered in the Kubernetes Image Builder where default credentials are... High Unreviewed
CVE-2025-7342 was published Aug 18, 2025
Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by... Critical Unreviewed
CVE-2025-43982 was published Aug 13, 2025
This vulnerability exists in ZKTeco WL20 due to hard-coded MQTT credentials and endpoints stored... Moderate Unreviewed
CVE-2025-54465 was published Aug 13, 2025
This vulnerability exists in ZKTeco WL20 due to hard-coded private key stored in plaintext within... Moderate Unreviewed
CVE-2025-55279 was published Aug 13, 2025
SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If... Moderate Unreviewed
CVE-2025-26398 was published Aug 12, 2025
Tigo Energy's Cloud Connect Advanced (CCA) device contains hard-coded credentials that allow... Critical Unreviewed
CVE-2025-7768 was published Aug 6, 2025
Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a hardcoded... Critical Unreviewed
CVE-2025-51536 was published Aug 4, 2025
A vulnerability was discovered in the storage policy for certain sets of authentication keys in... Moderate Unreviewed
CVE-2025-37111 was published Jul 31, 2025
A vulnerability was discovered in the storage policy for certain sets of encryption keys in the... Moderate Unreviewed
CVE-2025-37112 was published Jul 31, 2025
An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. All dashcams were shipped with... Critical Unreviewed
CVE-2025-30125 was published Jul 28, 2025
A vulnerability, which was classified as critical, has been found in D-Link DIR-890L up to 111b04... High Unreviewed
CVE-2025-8231 was published Jul 27, 2025
Unitree Go1 <= Go1_2022_05_11 is vulnerale to Incorrect Access Control due to authentication... High Unreviewed
CVE-2025-45466 was published Jul 25, 2025
HCL iAutomate includes hardcoded credentials which may result in potential exposure of... High Unreviewed
CVE-2025-31953 was published Jul 24, 2025
Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows... Critical Unreviewed
CVE-2025-54455 was published Jul 23, 2025
Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows... Critical Unreviewed
CVE-2025-54454 was published Jul 23, 2025
Use of Hard-coded Credentials vulnerability in PAVO Inc. PAVO Pay allows Read Sensitive Constants... High Unreviewed
CVE-2025-4130 was published Jul 21, 2025
Use of hard-coded, the same among all vulnerable installations SQLite credentials vulnerability... High Unreviewed
CVE-2025-4049 was published Jul 21, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database