GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 27,998
Composer 5,462
Erlang 46
GitHub Actions 48
Go 3,361
Maven 6,349
npm 5,410
NuGet 881
pip 4,554
Pub 12
RubyGems 1,013
Rust 1,205
Swift 51

Unreviewed advisories

All unreviewed 295,665

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

1,460 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

AL-KO Robolinho Update Software has hard-coded AWS Access and Secret keys that allow anyone to... Moderate Unreviewed

CVE-2026-1612 was published Mar 30, 2026

Use of Hard-coded Credentials vulnerability in Microchip Time Provider 4100 allows Malicious... Moderate Unreviewed

CVE-2025-9497 was published Mar 28, 2026

HCL Aftermarket DPC is affected by SQL Injection which allows attacker to exploit this... High Unreviewed

CVE-2025-55262 was published Mar 26, 2026

HCL Aftermarket DPC is affected by Hardcoded Sensitive Data which allows attacker to gain access... High Unreviewed

CVE-2025-55263 was published Mar 26, 2026

IBM Concert 1.0.0 through 2.2.0 contains hard-coded credentials that could be obtained by a local... Moderate Unreviewed

CVE-2025-12708 was published Mar 25, 2026

Use of Hard-coded Credentials vulnerability in Addi Addi – Cuotas que se adaptan a ti buy... High Unreviewed

CVE-2026-27073 was published Mar 25, 2026

Use of hard-coded credentials in Klinika XP and KlinikaXP Insertino allowed an unauthorized... High Unreviewed

CVE-2026-1958 was published Mar 23, 2026

Harbor allows the use of the default password for web UI login Critical

CVE-2026-4404 was published for github.com/goharbor/harbor (Go) Mar 23, 2026

A use of hard-coded credentials vulnerability has been reported to affect QuNetSwitch. The remote... Moderate Unreviewed

CVE-2026-22900 was published Mar 20, 2026

The web interface of the WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) contains... Critical Unreviewed

CVE-2026-30701 was published Mar 18, 2026

ZKTeco ZKBioSecurity 3.0 contains hardcoded credentials in the bundled Apache Tomcat server that... Critical Unreviewed

CVE-2016-20026 was published Mar 16, 2026

ZKTeco ZKBioSecurity 3.0 contains a local authorization bypass vulnerability in visLogin.jsp that... Moderate Unreviewed

CVE-2016-20031 was published Mar 16, 2026

Use of Hard-coded Credentials vulnerability in Avantra allows Accessing Functionality Not... High Unreviewed

CVE-2026-3873 was published Mar 13, 2026

A Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer... High Unreviewed

CVE-2026-28255 was published Mar 12, 2026

eWON Firmware versions 12.2 to 13.0 contain an authentication bypass vulnerability that allows... High Unreviewed

CVE-2019-25470 was published Mar 11, 2026

Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an... Critical Unreviewed

CVE-2026-24448 was published Mar 11, 2026

CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause information... High Unreviewed

CVE-2025-13957 was published Mar 10, 2026

An unauthenticated remote attacker may use hardcodes credentials to get access to the previously... Moderate Unreviewed

CVE-2025-41710 was published Mar 10, 2026

Keygraph Shannon contains a hard-coded API key in its router configuration that, when the router... Moderate Unreviewed

CVE-2026-29023 was published Mar 9, 2026

International Datacasting Corporation (IDC) SFX Series SuperFlex(SFX2100) SatelliteReceiver... High Unreviewed

CVE-2026-29119 was published Mar 4, 2026

The /root/anaconda-ks.cfg installation configuration file in International Datacasting... Critical Unreviewed

CVE-2026-29120 was published Mar 4, 2026

International Datacasting Corporation (IDC) SFX2100 Satellite Receiver, trivial password for... Critical Unreviewed

CVE-2026-28777 was published Mar 4, 2026

International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver contains... High Unreviewed

CVE-2026-28776 was published Mar 4, 2026

International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver contains... High Unreviewed

CVE-2026-28778 was published Mar 4, 2026

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded... Moderate Unreviewed

CVE-2024-55023 was published Mar 3, 2026

Previous1…59 Next

Previous 1 2 3 4 5 … 58 59 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

1,460 advisories