Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,752
Maven
5,000+
npm
4,357
NuGet
765
pip
4,121
Pub
12
RubyGems
961
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,376 advisories

Loading
An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A hardcoded Flickr API key... Moderate Unreviewed
CVE-2025-67809 was published Dec 15, 2025
Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented... Critical Unreviewed
CVE-2025-36752 was published Dec 13, 2025
ShineLan-X contains a set of credentials for an FTP server was found within the firmware,... Critical Unreviewed
CVE-2025-36747 was published Dec 13, 2025
Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for... High Unreviewed
CVE-2025-14611 was published Dec 12, 2025
The Meatmeet Pro was found to be shipped with hardcoded Wi-Fi credentials in the firmware, for... Critical Unreviewed
CVE-2025-65823 was published Dec 10, 2025
Hard-coded cryptographic keys in Admin UI of EZCast Pro II version 1.17478.146 allows attackers... Critical Unreviewed
CVE-2025-13954 was published Dec 10, 2025
Selea Targa IP OCR-ANPR Camera contains a cross-site request forgery vulnerability that allows... High Unreviewed
CVE-2021-47730 was published Dec 9, 2025
An attacker can use an undocumented UART port on the PCB as a side-channel with the user... Moderate Unreviewed
CVE-2025-41696 was published Dec 9, 2025
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected... Critical Unreviewed
CVE-2025-40938 was published Dec 9, 2025
Authentication Bypass via Hardcoded Credentials GoAway up to v0.62.18, fixed in 0.62.19, uses a... High Unreviewed
CVE-2025-65730 was published Dec 5, 2025
DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could... High Unreviewed
CVE-2025-66237 was published Dec 4, 2025
ALLNET ALL-RUT22GW v3.3.8 was discovered to store hardcoded credentials in the libicos.so library. Critical Unreviewed
CVE-2025-29268 was published Dec 4, 2025
NMIS/BioDose software V22.02 and previous versions contain executable binaries with plain text... High Unreviewed
CVE-2025-64778 was published Dec 2, 2025
A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11... Moderate Unreviewed
CVE-2025-54341 was published Nov 25, 2025
Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key... Moderate Unreviewed
CVE-2025-63433 was published Nov 24, 2025
A use of hard-coded credentials vulnerability in Fortinet FortiWeb 7.6.0, FortiWeb 7.4 all... Moderate Unreviewed
CVE-2025-59669 was published Nov 18, 2025
AstrBot is vulnerable to RCE with hard-coded JWT signing keys Critical
CVE-2025-55449 was published for astrbot (pip) Nov 14, 2025
Marven11 Raven95676
Soulter
Credited to Marven11, Raven95676, and Soulter
NVIDIA AIStore contains a vulnerability in AuthN. A successful exploit of this vulnerability... High Unreviewed
CVE-2025-33186 was published Nov 11, 2025
SQL Anywhere Monitor (Non-GUI) baked credentials into the code,exposing the resources or... Critical Unreviewed
CVE-2025-42890 was published Nov 11, 2025
Deck Mate 2 is distributed with static, hard-coded credentials for the root shell and web user... High Unreviewed
CVE-2025-34501 was published Nov 4, 2025
Use of Hard-Coded Credentials issue exists in MZK-DP300N version 1.07 and earlier, which may... High Unreviewed
CVE-2025-62777 was published Oct 28, 2025
Ghost Robotics Vision 60 v0.27.2 includes, among its physical interfaces, three RJ45 connectors... High Unreviewed
CVE-2025-41109 was published Oct 22, 2025
The wsc server uses a hard-coded certificate to check the authenticity of SOAP messages. An... High Unreviewed
CVE-2025-41722 was published Oct 22, 2025
The WorkExaminer Professional server installation comes with an FTP server that is used to... High Unreviewed
CVE-2025-10639 was published Oct 21, 2025
An Use of Hard-coded Credentials vulnerability has been identified in Moxa’s network security... Critical Unreviewed
CVE-2025-6950 was published Oct 17, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database