GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 22,628
Composer 4,715
Erlang 34
GitHub Actions 28
Go 2,301
Maven 5,577
npm 3,946
NuGet 711
pip 3,715
Pub 12
RubyGems 920
Rust 964
Swift 38

Unreviewed advisories

All unreviewed 257,122

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

194 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Iridium Certus 700 version 1.0.1 has an embedded credentials vulnerability in the code. This... Moderate Unreviewed

CVE-2025-41380 was published May 23, 2025

There are several scripts in the web interface that are accessible via undocumented hard-coded... Moderate Unreviewed

CVE-2025-48414 was published May 21, 2025

ConnectWise-Password-Encryption-Utility.exe in ConnectWise Risk Assessment allows an attacker to... Moderate Unreviewed

CVE-2025-4876 was published May 19, 2025

Use of hard-coded credentials in Windows Hardware Lab Kit allows an authorized attacker to... Moderate Unreviewed

CVE-2025-27488 was published May 13, 2025

The TeleMessage archiving backend through 2025-05-05 accepts API calls (to request an... Moderate Unreviewed

CVE-2025-47730 was published May 8, 2025

CWE-798: Use of Hard-coded Credentials Moderate Unreviewed

CVE-2025-23179 was published Apr 29, 2025

The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 uses a hardcoded password in... Moderate Unreviewed

CVE-2024-13688 was published Apr 28, 2025

In the IROAD APK 5.2.5, there are Hardcoded Credentials in the APK for ports 9091 and 9092. The... Moderate Unreviewed

CVE-2025-30109 was published Mar 18, 2025

IXON B.V. IXrouter IX2400 (Industrial Edge Gateway) v3.0 was discovered to contain hardcoded root... Moderate Unreviewed

CVE-2024-57790 was published Feb 14, 2025

SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the... Moderate Unreviewed

CVE-2024-28989 was published Feb 11, 2025

SunGrow WiNet-SV200.001.00.P027 and earlier versions contains hardcoded MQTT credentials that... Moderate Unreviewed

CVE-2024-50692 was published Jan 25, 2025

SunGrow WiNet-SV200.001.00.P027 and earlier versions contains a hardcoded password that can be... Moderate Unreviewed

CVE-2024-50690 was published Jan 25, 2025

Flawed token generation implementation & Hard-coded key implementation Moderate Unreviewed

CVE-2024-55927 was published Jan 23, 2025

IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 is vulnerable to exposure... Moderate Unreviewed

CVE-2024-28778 was published Jan 7, 2025

Dell RecoverPoint for Virtual Machines 6.0.x contains use of hard-coded credentials vulnerability... Moderate Unreviewed

CVE-2024-48007 was published Dec 13, 2024

A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions... Moderate Unreviewed

CVE-2024-45319 was published Dec 5, 2024

A hardcoded decryption key in Thinkware Cloud APK v4.3.46 allows attackers to access sensitive... Moderate Unreviewed

CVE-2024-53614 was published Dec 4, 2024

Duplicate Advisory: Keycloak Build Process Exposes Sensitive Data Moderate

GHSA-jcgg-mg9g-p9wf was published for org.keycloak:keycloak-quarkus-server (Maven) Nov 25, 2024 • withdrawn

Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain a hardcoded... Moderate Unreviewed

CVE-2024-40410 was published Nov 14, 2024

A vulnerability was found in Intelligent Apps Freenow App 12.10.0 on Android. It has been rated... Moderate Unreviewed

CVE-2024-11026 was published Nov 9, 2024

Use of Hard-coded Credentials vulnerability in Sonatype Nexus Repository has been discovered in... Moderate Unreviewed

CVE-2024-5764 was published Oct 23, 2024

MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded... Moderate Unreviewed

CVE-2024-4740 was published Oct 18, 2024

A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with... Moderate Unreviewed

CVE-2024-20280 was published Oct 16, 2024

VM images built with Image Builder with some providers use default credentials during builds in github.com/kubernetes-sigs/image-builder Moderate

CVE-2024-9594 was published for github.com/kubernetes-sigs/image-builder (Go) Oct 15, 2024

Certain switch models from PLANET Technology have a Hard-coded Credential in the password... Moderate Unreviewed

CVE-2024-8449 was published Sep 30, 2024

Previous 1 2 3 4 5 6 7 8 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

194 advisories