GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
50 advisories
Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small...
Critical | Unreviewed | CVE-2025-67112 was published Mar 19, 2026

Calero VeraSMART versions prior to 2022 R1 use static ASP.NET/IIS machineKey values configured...
Critical | Unreviewed | CVE-2026-26335 was published Feb 13, 2026

In RUCKUS Network Director (RND) < 4.5.0.56, the OVA appliance contains hardcoded SSH keys for...
Critical | Unreviewed | CVE-2025-67305 was published Feb 19, 2026

User credentials are stored using AES‑ECB encryption with a hardcoded key. An unauthenticated...
Critical | Unreviewed | CVE-2026-22906 was published Feb 9, 2026

Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement (CloudPages,...
Critical | Unreviewed | CVE-2026-22586 was published Jan 24, 2026

Delta Electronics DIAView has multiple vulnerabilities.
Critical | Unreviewed | CVE-2025-62581 was published Jan 16, 2026

Enterprise Cloud Database developed by Ragic has a Hard-coded Cryptographic Key vulnerability,...
Critical | Unreviewed | CVE-2025-15016 was published Dec 22, 2025

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key...
Critical | Unreviewed | CVE-2025-34256 was published Dec 5, 2025

Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to...
Critical | Unreviewed | CVE-2025-63289 was published Nov 12, 2025

Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000). This issue affects BLU-IC2...
Critical | Unreviewed | CVE-2025-12599 was published Nov 1, 2025

RUCKUS Network Director (RND) before 4.5 allows spoofing of an administrator JWT by an attacker...
Critical | Unreviewed | CVE-2025-44963 was published Aug 4, 2025

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923...
Critical | Unreviewed | CVE-2025-27674 was published Mar 5, 2025

Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization...
Critical | Unreviewed | CVE-2025-30406 was published Apr 3, 2025

Agentflow developed by Flowring has a Use of Hard-coded Cryptographic Key vulnerability,...
Critical | Unreviewed | CVE-2025-11899 was published Oct 17, 2025

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and...
Critical | Unreviewed | CVE-2025-34234 was published Sep 29, 2025

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments)...
Critical | Unreviewed | CVE-2025-34217 was published Sep 30, 2025

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and...
Critical | Unreviewed | CVE-2025-34211 was published Sep 29, 2025

The Flock Safety DetectionProcessing com.flocksafety.android.objects application 6.35.33 for...
Critical | Unreviewed | CVE-2025-59407 was published Oct 2, 2025

The Copypress Rest API plugin for WordPress is vulnerable to Remote Code Execution via...
Critical | Unreviewed | CVE-2025-8625 was published Sep 30, 2025

The secret used for validating authentication tokens is hardcoded in device firmware for...
Critical | Unreviewed | CVE-2025-54807 was published Sep 18, 2025

An issue was discovered in Siklu Communications Etherhaul 8010TX and 1200FX devices, Firmware 7.4...
Critical | Unreviewed | CVE-2025-57174 was published Sep 15, 2025

Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and...
Critical | Unreviewed | CVE-2025-55619 was published Aug 22, 2025

The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An...
Critical | Unreviewed | CVE-2025-41702 was published Aug 26, 2025

In ZKT ZKBio CVSecurity 6.4.1_R an unauthenticated attacker can craft JWT token using the...
Critical | Unreviewed | CVE-2025-45746 was published May 13, 2025

Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain a Hard-coded...
Critical | Unreviewed | CVE-2022-34441 was published Jan 11, 2023