Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,675
Maven
5,000+
npm
4,297
NuGet
760
pip
4,077
Pub
12
RubyGems
957
Rust
1,058
Swift
45
Unreviewed advisories
All unreviewed
5,000+

52 advisories

Loading
The Download Manager plugin for WordPress is vulnerable to unauthorized access due to a hardcoded... Moderate Unreviewed
CVE-2025-12177 was published Nov 8, 2025
The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization... Moderate Unreviewed
CVE-2025-56801 was published Oct 21, 2025
The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt... Moderate Unreviewed
CVE-2025-56802 was published Oct 21, 2025
NeuVector is shipping cryptographic material into its binary Moderate
CVE-2025-54471 was published for github.com/neuvector/neuvector (Go) Oct 21, 2025
mmalesev
Credited to mmalesev
desknet's NEO V4.0R1.0 to V9.0R2.0 contains a hard-coded cryptographic key, which allows an... Moderate Unreviewed
CVE-2025-58426 was published Oct 16, 2025
Newforma Info Exchange (NIX) uses a hard-coded key to encrypt certain query parameters. Some... Moderate Unreviewed
CVE-2025-35052 was published Oct 9, 2025
Unitree Go2, G1, H1, and B2 devices through 2025-09-20 decrypt BLE packet data by using the... Moderate Unreviewed
CVE-2025-60250 was published Sep 26, 2025
The use of a hard-coded cryptographic key was discovered in firmware version 3.60 of the Click... Moderate Unreviewed
CVE-2025-58069 was published Sep 24, 2025
A low privileged local attacker can abuse the affected service by using a hardcoded cryptographic... Moderate Unreviewed
CVE-2025-2810 was published Aug 5, 2025
A potential security vulnerability has been identified in the Poly Clariti Manager for versions... Moderate Unreviewed
CVE-2025-43483 was published Jul 23, 2025
Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8.6 and 5.6.9-beta allows... Moderate Unreviewed
CVE-2025-52374 was published Jul 21, 2025
Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows... Moderate Unreviewed
CVE-2025-52373 was published Jul 21, 2025
Use of Hard-coded Cryptographic Key vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the... Moderate Unreviewed
CVE-2025-6074 was published Jul 3, 2025
Use of Hard-coded Cryptographic Key vulnerability in ABB RMC-100, ABB RMC-100 LITE. An attacker... Moderate Unreviewed
CVE-2025-6071 was published Jul 3, 2025
Arris VIP1113 devices through 2025-05-30 with KreaTV SDK have a firmware decryption key of... Moderate Unreviewed
CVE-2025-49164 was published Jun 3, 2025
The certificate and private key used for providing transport layer security for connections to... Moderate Unreviewed
CVE-2025-48417 was published May 21, 2025
ConnectWise-Password-Encryption-Utility.exe in ConnectWise Risk Assessment allows an attacker to... Moderate Unreviewed
CVE-2025-4876 was published May 19, 2025
Use of hard-coded cryptographic key vulnerability in i-PRO Configuration Tool affects the network... Moderate Unreviewed
CVE-2025-32730 was published Apr 24, 2025
A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before... Moderate Unreviewed
CVE-2024-13842 was published Feb 11, 2025
A use of hard-coded cryptographic key to encrypt sensitive data vulnerability [CWE-321] in... Moderate Unreviewed
CVE-2024-33504 was published Feb 11, 2025
SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the... Moderate Unreviewed
CVE-2024-28989 was published Feb 11, 2025
Successful exploitation of this vulnerability could allow an attacker (who needs to have Admin... Moderate Unreviewed
CVE-2024-47256 was published Feb 6, 2025
ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT... Moderate Unreviewed
CVE-2024-12078 was published Jan 23, 2025
Use of hard-coded cryptographic key issue exists in AIPHONE IX SYSTEM, IXG SYSTEM, and System... Moderate Unreviewed
CVE-2024-45837 was published Nov 22, 2024
Use of hard-coded cryptographic key issue exists in "Kura Sushi Official App Produced by EPARK"... Moderate Unreviewed
CVE-2024-52614 was published Nov 20, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database