GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,715
Erlang
34
GitHub Actions
28
Go
2,301
Maven
5,000+
npm
3,946
NuGet
711
pip
3,715
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+
194 advisories
Filter by severity
Iridium Certus 700 version 1.0.1 has an embedded credentials vulnerability in the code. This...
Moderate
Unreviewed
CVE-2025-41380
was published
May 23, 2025
There are several scripts in the web interface that are accessible via undocumented hard-coded...
Moderate
Unreviewed
CVE-2025-48414
was published
May 21, 2025
ConnectWise-Password-Encryption-Utility.exe in ConnectWise Risk Assessment allows an attacker to...
Moderate
Unreviewed
CVE-2025-4876
was published
May 19, 2025
Use of hard-coded credentials in Windows Hardware Lab Kit allows an authorized attacker to...
Moderate
Unreviewed
CVE-2025-27488
was published
May 13, 2025
The TeleMessage archiving backend through 2025-05-05 accepts API calls (to request an...
Moderate
Unreviewed
CVE-2025-47730
was published
May 8, 2025
CWE-798: Use of Hard-coded Credentials
Moderate
Unreviewed
CVE-2025-23179
was published
Apr 29, 2025
The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 uses a hardcoded password in...
Moderate
Unreviewed
CVE-2024-13688
was published
Apr 28, 2025
In the IROAD APK 5.2.5, there are Hardcoded Credentials in the APK for ports 9091 and 9092. The...
Moderate
Unreviewed
CVE-2025-30109
was published
Mar 18, 2025
IXON B.V. IXrouter IX2400 (Industrial Edge Gateway) v3.0 was discovered to contain hardcoded root...
Moderate
Unreviewed
CVE-2024-57790
was published
Feb 14, 2025
SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the...
Moderate
Unreviewed
CVE-2024-28989
was published
Feb 11, 2025
SunGrow WiNet-SV200.001.00.P027 and earlier versions contains hardcoded MQTT credentials that...
Moderate
Unreviewed
CVE-2024-50692
was published
Jan 25, 2025
SunGrow WiNet-SV200.001.00.P027 and earlier versions contains a hardcoded password that can be...
Moderate
Unreviewed
CVE-2024-50690
was published
Jan 25, 2025
Flawed token generation implementation & Hard-coded key implementation
Moderate
Unreviewed
CVE-2024-55927
was published
Jan 23, 2025
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 is vulnerable to exposure...
Moderate
Unreviewed
CVE-2024-28778
was published
Jan 7, 2025
Dell RecoverPoint for Virtual Machines 6.0.x contains use of hard-coded credentials vulnerability...
Moderate
Unreviewed
CVE-2024-48007
was published
Dec 13, 2024
A vulnerability in the SonicWall SMA100 SSLVPN
firmware 10.2.1.13-72sv and earlier versions...
Moderate
Unreviewed
CVE-2024-45319
was published
Dec 5, 2024
A hardcoded decryption key in Thinkware Cloud APK v4.3.46 allows attackers to access sensitive...
Moderate
Unreviewed
CVE-2024-53614
was published
Dec 4, 2024
Duplicate Advisory: Keycloak Build Process Exposes Sensitive Data
Moderate
GHSA-jcgg-mg9g-p9wf
was published
for
org.keycloak:keycloak-quarkus-server
(Maven)
Nov 25, 2024
•
withdrawn
Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain a hardcoded...
Moderate
Unreviewed
CVE-2024-40410
was published
Nov 14, 2024
A vulnerability was found in Intelligent Apps Freenow App 12.10.0 on Android. It has been rated...
Moderate
Unreviewed
CVE-2024-11026
was published
Nov 9, 2024
Use of Hard-coded Credentials vulnerability in Sonatype Nexus Repository has been discovered in...
Moderate
Unreviewed
CVE-2024-5764
was published
Oct 23, 2024
MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded...
Moderate
Unreviewed
CVE-2024-4740
was published
Oct 18, 2024
A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with...
Moderate
Unreviewed
CVE-2024-20280
was published
Oct 16, 2024
VM images built with Image Builder with some providers use default credentials during builds in github.com/kubernetes-sigs/image-builder
Moderate
CVE-2024-9594
was published
for
github.com/kubernetes-sigs/image-builder
(Go)
Oct 15, 2024
Certain switch models from PLANET Technology have a Hard-coded Credential in the password...
Moderate
Unreviewed
CVE-2024-8449
was published
Sep 30, 2024
ProTip!
Advisories are also available from the
GraphQL API