GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
657 advisories
Tigo Energy's Cloud Connect Advanced (CCA) device contains hard-coded credentials that allow...
Critical | Unreviewed | CVE-2025-7768 was published Aug 6, 2025

Gessler GmbH WEB-MASTER has a restoration account that uses weak hard coded credentials and if...
Critical | Unreviewed | CVE-2024-1039 was published Feb 2, 2024

Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by...
Critical | Unreviewed | CVE-2025-43982 was published Aug 13, 2025

A high privileged remote attacker can enable telnet access that accepts hardcoded credentials.
Critical | Unreviewed | CVE-2024-28751 was published Jul 9, 2024

Clinic Image System developed by Changing contains hard-coded Credentials, allowing...
Critical | Unreviewed | CVE-2025-8857 was published Aug 29, 2025

PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use default, shared credentials...
Critical | Unreviewed | CVE-2025-35452 was published Sep 5, 2025

PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default...
Critical | Unreviewed | CVE-2025-35451 was published Sep 5, 2025

The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to...
Critical | Unreviewed | CVE-2024-9643 was published Feb 4, 2025

Insufficient hardening of the proxyuser account in the AiKaan IoT management platform, combined...
Critical | Unreviewed | CVE-2025-57602 was published Sep 22, 2025

AiKaan Cloud Controller uses a single hardcoded SSH private key and the username `proxyuser` for...
Critical | Unreviewed | CVE-2025-57601 was published Sep 22, 2025

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951 and...
Critical | Unreviewed | CVE-2025-34198 was published Sep 19, 2025

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive...
Critical | Unreviewed | CVE-2024-3700 was published Jun 10, 2024

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive...
Critical | Unreviewed | CVE-2024-3699 was published Jun 10, 2024

Use of a hard-coded password for a database administrator account created during Wapro ERP...
Critical | Unreviewed | CVE-2024-4996 was published Dec 18, 2024

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive...
Critical | Unreviewed | CVE-2024-1228 was published Jun 10, 2024

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.862 and Application...
Critical | Unreviewed | CVE-2025-34209 was published Sep 29, 2025

Incorrect handling of credential expiry by /nats-io/nats-server
Critical | CVE-2020-26892 was published for github.com/nats-io/jwt (Go) Feb 11, 2022

Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token...
Critical | Unreviewed | CVE-2025-56749 was published Oct 15, 2025

The Felan Framework plugin for WordPress is vulnerable to improper authentication in versions up...
Critical | Unreviewed | CVE-2025-10850 was published Oct 16, 2025

A Use of Hard-coded Credentials vulnerability has been identified in Moxa’s network security...
Critical | Unreviewed | CVE-2025-6950 was published Oct 17, 2025

The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a...
Critical | Unreviewed | CVE-2022-26138 was published Jul 21, 2022

Unitronics Vision Series PLCs and HMIs use default administrative passwords. An unauthenticated...
Critical | Unreviewed | CVE-2023-6448 was published Dec 5, 2023

A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker...
Critical | Unreviewed | CVE-2024-20439 was published Sep 4, 2024

Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization...
Critical | Unreviewed | CVE-2025-30406 was published Apr 3, 2025

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been...
Critical | Unreviewed | CVE-2024-3272 was published Apr 4, 2024
ProTip! Advisories are also available from the GraphQL API.