GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
190 advisories
FUXA has a hardcoded fallback JWT signing secret
High | GHSA-c8m8-3jcr-6rj5 was published for @frangoteam/fuxa (npm) | Mar 7, 2026

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application...
Moderate | Unreviewed | CVE-2025-14923 was published | Mar 3, 2026

An embedded test key and certificate could be extracted from a Poly Voice device using...
High | Unreviewed | CVE-2026-0754 was published | Mar 3, 2026

Since the encryption algorithm used to protect firmware updates is itself encrypted using key...
High | Unreviewed | CVE-2026-1442 was published | Feb 27, 2026

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior use RC4 with a...
High | Unreviewed | CVE-2026-27519 was published | Feb 24, 2026

In RUCKUS Network Director (RND) < 4.5.0.56, the OVA appliance contains hardcoded SSH keys for...
Critical | Unreviewed | CVE-2025-67305 was published | Feb 19, 2026

Calero VeraSMART versions prior to 2022 R1 use static ASP.NET/IIS machineKey values configured...
Critical | Unreviewed | CVE-2026-26335 was published | Feb 13, 2026

User credentials are stored using AES‑ECB encryption with a hardcoded key. An unauthenticated...
Critical | Unreviewed | CVE-2026-22906 was published | Feb 9, 2026

Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials,...
High | Unreviewed | CVE-2026-2103 was published | Feb 6, 2026

FUXA Unauthenticated Remote Code Execution via Hardcoded JWT Secret in Default Configuration
Critical | CVE-2026-25894 was published for fuxa-server (npm) | Feb 5, 2026

EVE Has Partially Predetermined Vault Key
Moderate | CVE-2023-43637 was published for github.com/lf-edge/eve (Go) | Feb 4, 2026

Bambuddy Uses Hardcoded Secret Key + Many API Endpoints do not Require Authentication
Critical | CVE-2026-25505 was published for bambuddy (pip) | Feb 2, 2026

Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement (CloudPages,...
Critical | Unreviewed | CVE-2026-22586 was published | Jan 24, 2026

The use of a hard-coded encryption key in calls to the Password function in C2SGlobalSettings.dll...
High | Unreviewed | CVE-2025-58740 was published | Jan 21, 2026

Delta Electronics DIAView has multiple vulnerabilities.
Critical | Unreviewed | CVE-2025-62581 was published | Jan 16, 2026

SQLE's JWT Secret Handler can be manipulated to use hard-coded cryptographic key
Low | CVE-2025-15107 was published for github.com/actiontech/sqle (Go) | Dec 27, 2025

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control...
Moderate | Unreviewed | CVE-2025-52601 was published | Dec 26, 2025

Enterprise Cloud Database developed by Ragic has a Hard-coded Cryptographic Key vulnerability,...
Critical | Unreviewed | CVE-2025-15016 was published | Dec 22, 2025

Apache StreamPark has a hard-coded encryption key
High | CVE-2025-54947 was published for org.apache.streampark:streampark (Maven) | Dec 12, 2025

Authentication Bypass via Default JWT Secret in NocoBase docker-compose Deployments
Moderate | CVE-2025-13877 was published for @nocobase/auth (npm) | Dec 9, 2025

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key...
Critical | Unreviewed | CVE-2025-34256 was published | Dec 5, 2025

arcade-mcp-server Has Default Hardcoded Worker Secret That Allows Full Unauthorized Access to All HTTP MCP Worker Endpoints
Moderate | CVE-2025-66454 was published for arcade-mcp-server (pip) | Dec 2, 2025

Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The affected...
High | Unreviewed | CVE-2025-11781 was published | Dec 2, 2025

"FOD" App uses hard-coded cryptographic keys, which may allow a local unauthenticated attacker to...
Moderate | Unreviewed | CVE-2025-64304 was published | Nov 25, 2025

Apache Syncope's AES encryption stores hard-coded passwords in internal database
High | CVE-2025-65998 was published for org.apache.syncope:syncope-core (Maven) | Nov 24, 2025
ProTip! Advisories are also available from the GraphQL API