Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
46
Go
3,270
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,517
Pub
12
RubyGems
998
Rust
1,194
Swift
51
Unreviewed advisories
All unreviewed
5,000+

190 advisories

Loading
ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a... Low Unreviewed
CVE-2025-30198 was published Sep 5, 2025
An issue in Evope Core v.1.1.3.20 allows a local attacker to obtain sensitive information via the... High Unreviewed
CVE-2025-56577 was published Aug 29, 2025
The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An... Critical Unreviewed
CVE-2025-41702 was published Aug 26, 2025
Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and... Critical Unreviewed
CVE-2025-55619 was published Aug 22, 2025
A low privileged local attacker can abuse the affected service by using a hardcoded cryptographic... Moderate Unreviewed
CVE-2025-2810 was published Aug 5, 2025
Dell Enterprise SONiC OS, version 4.5.0, contains a cryptographic key vulnerability in SSH. An... High Unreviewed
CVE-2025-38741 was published Aug 4, 2025
Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0, contain a Use of Hard-coded... High Unreviewed
CVE-2025-26476 was published Aug 4, 2025
RUCKUS Network Director (RND) before 4.5 allows spoofing of an administrator JWT by an attacker... Critical Unreviewed
CVE-2025-44963 was published Aug 4, 2025
An issue in Gardyn 4 allows a remote attacker with the corresponding ssh private key can gain... High Unreviewed
CVE-2025-29630 was published Jul 25, 2025
A potential security vulnerability has been identified in the Poly Clariti Manager for versions... Moderate Unreviewed
CVE-2025-43483 was published Jul 23, 2025
Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8.6 and 5.6.9-beta allows... Moderate Unreviewed
CVE-2025-52374 was published Jul 21, 2025
Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows... Moderate Unreviewed
CVE-2025-52373 was published Jul 21, 2025
Use of Hard-coded Cryptographic Key vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the... Moderate Unreviewed
CVE-2025-6074 was published Jul 3, 2025
Use of Hard-coded Cryptographic Key vulnerability in ABB RMC-100, ABB RMC-100 LITE. An attacker... Moderate Unreviewed
CVE-2025-6071 was published Jul 3, 2025
A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local... High Unreviewed
CVE-2025-5353 was published Jun 10, 2025
A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local... High Unreviewed
CVE-2025-22463 was published Jun 10, 2025
A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated... High Unreviewed
CVE-2025-22455 was published Jun 10, 2025
Arris VIP1113 devices through 2025-05-30 with KreaTV SDK have a firmware decryption key of... Moderate Unreviewed
CVE-2025-49164 was published Jun 3, 2025
The certificate and private key used for providing transport layer security for connections to... Moderate Unreviewed
CVE-2025-48417 was published May 21, 2025
itech iLabClient 3.7.1 relies on the hard-coded YngAYdgAE/kKZYu2F2wm6w== key (found in iLabClient... High Unreviewed
CVE-2024-56429 was published May 21, 2025
ConnectWise-Password-Encryption-Utility.exe in ConnectWise Risk Assessment allows an attacker to... Moderate Unreviewed
CVE-2025-4876 was published May 19, 2025
In ZKT ZKBio CVSecurity 6.4.1_R an unauthenticated attacker can craft JWT token using the... Critical Unreviewed
CVE-2025-45746 was published May 13, 2025
Mojolicious versions from 0.999922 through 9.39 for Perl uses a hard coded string, or the... High Unreviewed
CVE-2024-58134 was published May 3, 2025
Use of hard-coded cryptographic key vulnerability in i-PRO Configuration Tool affects the network... Moderate Unreviewed
CVE-2025-32730 was published Apr 24, 2025
Dpanel's hard-coded JWT secret leads to remote code execution Critical
CVE-2025-30206 was published for github.com/donknap/dpanel (Go) Apr 15, 2025
NS-Sp4ce Credited to NS-Sp4ce
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database