Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,778
Erlang
35
GitHub Actions
29
Go
2,332
Maven
5,000+
npm
3,966
NuGet
713
pip
3,759
Pub
12
RubyGems
921
Rust
975
Swift
38
Unreviewed advisories
All unreviewed
5,000+

586 advisories

Loading
Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization... Critical Unreviewed
CVE-2025-30406 was published Apr 3, 2025
VMware Photos OS OVA 1.0 before 2016-08-14 has a default SSH public key in an authorized_keys... Critical Unreviewed
CVE-2016-5333 was published May 17, 2022
NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root... Critical Unreviewed
CVE-2016-5678 was published May 17, 2022
NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8... Critical Unreviewed
CVE-2016-10115 was published May 17, 2022
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368... Critical Unreviewed
CVE-2025-27643 was published Mar 5, 2025
Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key. Critical Unreviewed
CVE-2021-22644 was published Jul 29, 2022
Mutiny 7.2.0-10788 suffers from Hardcoded root password. Critical Unreviewed
CVE-2022-37832 was published Dec 17, 2022
A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote... Critical Unreviewed
CVE-2015-2867 was published May 17, 2022
DragonWave Horizon 1.01.03 wireless radios have hardcoded login credentials (such as the username... Critical Unreviewed
CVE-2017-7576 was published May 13, 2022
D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of... Critical Unreviewed
CVE-2015-7246 was published May 17, 2022
A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal... Critical Unreviewed
CVE-2016-9358 was published May 13, 2022
A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA,... Critical Unreviewed
CVE-2017-6022 was published May 13, 2022
Hard-coded credentials in AmosConnect 8 allow remote attackers to gain full administrative... Critical Unreviewed
CVE-2017-3222 was published May 13, 2022
The Epson "EasyMP" software is designed to remotely stream a users computer to supporting... Critical Unreviewed
CVE-2017-12860 was published May 13, 2022
The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to... Critical Unreviewed
CVE-2017-14143 was published May 14, 2022
Multiple hardcoded credentials in Xsuite 2.x. Critical Unreviewed
CVE-2015-4667 was published May 14, 2022
A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior... Critical Unreviewed
CVE-2017-9957 was published May 17, 2022
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use... Critical Unreviewed
CVE-2017-3186 was published May 13, 2022
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC fail... Critical Unreviewed
CVE-2017-3184 was published May 13, 2022
Incorrect access control in JMBroadcast JMB0150 Firmware v1.0 allows attackers to access... Critical Unreviewed
CVE-2025-28230 was published Apr 21, 2025
Dragonfly2 has hard coded cyptographic key Critical
CVE-2023-27584 was published for d7y.io/dragonfly/v2 (Go) Sep 19, 2024
cokeBeer
UNI-NMS-Lite uses hard-coded credentials that could allow an unauthenticated attacker to read,... Critical Unreviewed
CVE-2025-46274 was published Apr 25, 2025
UNI-NMS-Lite uses hard-coded credentials that could allow an unauthenticated attacker to gain... Critical Unreviewed
CVE-2025-46273 was published Apr 25, 2025
NETSCOUT nGeniusONE before 6.4.0 b2350 has Hardcoded Credentials that can be obtained from JAR... Critical Unreviewed
CVE-2025-32985 was published Apr 25, 2025
In Optigo Networks ONS NC600 versions 4.2.1-084 through 4.7.2-330, an attacker could connect with... Critical Unreviewed
CVE-2025-4041 was published May 6, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database