GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 22,828
Composer 4,768
Erlang 35
GitHub Actions 29
Go 2,332
Maven 5,625
npm 3,965
NuGet 713
pip 3,748
Pub 12
RubyGems 921
Rust 975
Swift 38

Unreviewed advisories

All unreviewed 258,992

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

1,233 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

The ArchiverSpaApi ASP.NET application uses a hard-coded JWT signing key. An unauthenticated... High Unreviewed

CVE-2025-35940 was published Jun 10, 2025

WOLFBOX Level 2 EV Charger Management Card Hard-coded Credentials Authentication Bypass... Moderate Unreviewed

CVE-2025-5751 was published Jun 6, 2025

A predefined administrative account is not documented and cannot be deactivated. This account... Critical Unreviewed

CVE-2025-3321 was published Jun 6, 2025

Default credentials were present in the web portal for Airpointer 2.4.107-2, allowing an... Moderate Unreviewed

CVE-2025-4633 was published May 30, 2025

The CS5000 Fire Panel is vulnerable due to a hard-coded password that runs on a VNC server and... Critical Unreviewed

CVE-2025-46352 was published May 30, 2025

Netwrix Directory Manager (formerly Imanami GroupID) through v.10.0.7784.0 has a hard-coded... Critical Unreviewed

CVE-2025-48748 was published May 29, 2025

Dell PowerStore, version(s) 4.0.0.0, contain(s) an Use of Hard-coded Credentials vulnerability in... Moderate Unreviewed

CVE-2025-36572 was published May 28, 2025

A vulnerability has been found in PerfreeBlog 4.0.11 and classified as problematic. This... Moderate Unreviewed

CVE-2025-5164 was published May 26, 2025

Iridium Certus 700 version 1.0.1 has an embedded credentials vulnerability in the code. This... Moderate Unreviewed

CVE-2025-41380 was published May 23, 2025

There are several scripts in the web interface that are accessible via undocumented hard-coded... Moderate Unreviewed

CVE-2025-48414 was published May 21, 2025

The `/etc/passwd` and `/etc/shadow` files reveal hard-coded password hashes for the operating... High Unreviewed

CVE-2025-48413 was published May 21, 2025

ConnectWise-Password-Encryption-Utility.exe in ConnectWise Risk Assessment allows an attacker to... Moderate Unreviewed

CVE-2025-4876 was published May 19, 2025

In ZKT ZKBio CVSecurity 6.4.1_R an unauthenticated attacker can craft JWT token using the... Critical Unreviewed

CVE-2025-45746 was published May 13, 2025

Use of hard-coded credentials in Windows Hardware Lab Kit allows an authorized attacker to... Moderate Unreviewed

CVE-2025-27488 was published May 13, 2025

The TeleMessage archiving backend through 2025-05-05 accepts API calls (to request an... Moderate Unreviewed

CVE-2025-47730 was published May 8, 2025

A vulnerability in the Out-of-Band Access Point (AP) Image Download feature of Cisco IOS XE... Critical Unreviewed

CVE-2025-20188 was published May 7, 2025

In Optigo Networks ONS NC600 versions 4.2.1-084 through 4.7.2-330, an attacker could connect with... Critical Unreviewed

CVE-2025-4041 was published May 6, 2025

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The... High Unreviewed

CVE-2025-32889 was published May 2, 2025

An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. The... High Unreviewed

CVE-2025-32888 was published May 2, 2025

CWE-798: Use of Hard-coded Credentials Moderate Unreviewed

CVE-2025-23179 was published Apr 29, 2025

The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 uses a hardcoded password in... Moderate Unreviewed

CVE-2024-13688 was published Apr 28, 2025

NETSCOUT nGeniusONE before 6.4.0 b2350 has Hardcoded Credentials that can be obtained from JAR... Critical Unreviewed

CVE-2025-32985 was published Apr 25, 2025

Quantum StorNext Web GUI API before 7.2.4 grants access to internal StorNext configuration and... High Unreviewed

CVE-2025-46617 was published Apr 25, 2025

UNI-NMS-Lite uses hard-coded credentials that could allow an unauthenticated attacker to read,... Critical Unreviewed

CVE-2025-46274 was published Apr 25, 2025

UNI-NMS-Lite uses hard-coded credentials that could allow an unauthenticated attacker to gain... Critical Unreviewed

CVE-2025-46273 was published Apr 25, 2025

Previous 1 2 3 4 5 … 49 50 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

1,233 advisories