GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,360 advisories
AstrBot is vulnerable to RCE with hard-coded JWT signing keys
Critical. CVE-2025-55449 was published for astrbot (pip) on Nov 14, 2025.

NVIDIA AIStore contains a vulnerability in AuthN. A successful exploit of this vulnerability...
High, Unreviewed. CVE-2025-33186 was published on Nov 11, 2025.

SQL Anywhere Monitor (Non-GUI) baked credentials into the code, exposing the resources or...
Critical, Unreviewed. CVE-2025-42890 was published on Nov 11, 2025.

Deck Mate 2 is distributed with static, hard-coded credentials for the root shell and web user...
High, Unreviewed. CVE-2025-34501 was published on Nov 4, 2025.

Use of Hard-Coded Credentials issue exists in MZK-DP300N version 1.07 and earlier, which may...
High, Unreviewed. CVE-2025-62777 was published on Oct 28, 2025.

Ghost Robotics Vision 60 v0.27.2 includes, among its physical interfaces, three RJ45 connectors...
High, Unreviewed. CVE-2025-41109 was published on Oct 22, 2025.

The wsc server uses a hard-coded certificate to check the authenticity of SOAP messages. An...
High, Unreviewed. CVE-2025-41722 was published on Oct 22, 2025.

The WorkExaminer Professional server installation comes with an FTP server that is used to...
High, Unreviewed. CVE-2025-10639 was published on Oct 21, 2025.

A Use of Hard-coded Credentials vulnerability has been identified in Moxa’s network security...
Critical, Unreviewed. CVE-2025-6950 was published on Oct 17, 2025.

Hardcoded credentials in gsigel14 ATLAS-EPIC commit f29312c (2025-05-26).
Moderate, Unreviewed. CVE-2025-60639 was published on Oct 16, 2025.

The Felan Framework plugin for WordPress is vulnerable to improper authentication in versions up...
Critical, Unreviewed. CVE-2025-10850 was published on Oct 16, 2025.

Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token...
Critical, Unreviewed. CVE-2025-56749 was published on Oct 15, 2025.

IBM Security Verify Access 10.0.0 through 10.0.9, 11.0.0, IBM Verify Identity Access Container 10...
High, Unreviewed. CVE-2025-36087 was published on Oct 13, 2025.

Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret
Moderate. CVE-2025-61926 was published for github.com/ossf/allstar (Go) on Oct 10, 2025.

Use of Hard-coded Credentials vulnerability in Logo Software Inc. TigerWings ERP allows Read...
Moderate, Unreviewed. CVE-2025-10609 was published on Oct 3, 2025.

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.862 and Application...
Critical, Unreviewed. CVE-2025-34209 was published on Sep 29, 2025.

In DOXENSE WATCHDOC before 6.1.0.5094, private user puk codes can be disclosed for Active...
High, Unreviewed. CVE-2025-58385 was published on Sep 26, 2025.

Use of Hard-coded Credentials vulnerability in Essekia Helpie FAQ allows Retrieve Embedded...
Moderate, Unreviewed. CVE-2025-58659 was published on Sep 22, 2025.

Use of Hard-coded Credentials vulnerability in Risto Niinemets Estonian Shipping Methods for...
Moderate, Unreviewed. CVE-2025-58656 was published on Sep 22, 2025.

Use of Hard-coded Credentials vulnerability in weDevs WP Project Manager allows Retrieve Embedded...
Moderate, Unreviewed. CVE-2025-58269 was published on Sep 22, 2025.

AiKaan Cloud Controller uses a single hardcoded SSH private key and the username `proxyuser` for...
Critical, Unreviewed. CVE-2025-57601 was published on Sep 22, 2025.

Insufficient hardening of the proxyuser account in the AiKaan IoT management platform, combined...
Critical, Unreviewed. CVE-2025-57602 was published on Sep 22, 2025.

Hardcoded credentials in default configuration of PPress 0.0.9.
High, Unreviewed. CVE-2025-52159 was published on Sep 19, 2025.

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951,...
High, Unreviewed. CVE-2025-34197 was published on Sep 19, 2025.

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951 and...
Critical, Unreviewed. CVE-2025-34198 was published on Sep 19, 2025.