GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,420 advisories
AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access...
Critical | Unreviewed | CVE-2020-37135 was published on Feb 7, 2026

EVE Has Partially Predetermined Vault Key
Moderate | CVE-2023-43637 was published for github.com/lf-edge/eve (Go) on Feb 4, 2026

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow...
Moderate | Unreviewed | CVE-2026-20111 was published on Feb 4, 2026

Netis E1+ version 1.2.32533 contains a hardcoded root account vulnerability that allows...
Critical | Unreviewed | CVE-2020-37092 was published on Feb 4, 2026

FUXA contains a hard-coded credential vulnerability
High | CVE-2025-69971 was published for fuxa-server (npm) on Feb 3, 2026

The database account and password are hardcoded, allowing login with the account to manipulate...
Critical | Unreviewed | CVE-2026-25202 was published on Feb 2, 2026

SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability...
High | Unreviewed | CVE-2025-40537 was published on Jan 28, 2026

Use of well-known default credentials in Admin UI of EZCast Pro II version 1.17478.146 allows...
High | Unreviewed | CVE-2026-24346 was published on Jan 27, 2026

Dormakaba provides the software FWServiceTool to update the firmware version of the Access...
High | Unreviewed | CVE-2025-59107 was published on Jan 26, 2026

An RPC service, which is part of exos 9300, is reachable on port 4000, run by the process...
High | Unreviewed | CVE-2025-59092 was published on Jan 26, 2026

The default password for the extended admin user mode in the application U9ExosAdmin.exe ("Kaba...
Moderate | Unreviewed | CVE-2025-59096 was published on Jan 26, 2026

Multiple hardcoded credentials have been identified, which are allowed to sign-in to the exos...
Critical | Unreviewed | CVE-2025-59091 was published on Jan 26, 2026

The program libraries (DLL) and binaries used by exos 9300 contain multiple hard-coded secrets....
Moderate | Unreviewed | CVE-2025-59095 was published on Jan 26, 2026

Use of Default Credentials, Hard-coded Credentials vulnerability in C2SGlobalSettings.dll in ...
Moderate | Unreviewed | CVE-2025-58744 was published on Jan 21, 2026

Open 5GS WebUI uses a hard-coded JWT signing key (change-me) whenever the environment variable...
Moderate | Unreviewed | CVE-2026-0622 was published on Jan 20, 2026

IBM Sterling Connect:Direct for UNIX Container 6.3.0.0 through 6.3.0.6 Interim Fix 016, and 6.4.0...
High | Unreviewed | CVE-2025-14115 was published on Jan 20, 2026

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has a Use of Hard-coded...
Critical | Unreviewed | CVE-2026-1221 was published on Jan 20, 2026

Denver SHC-150 Smart Wifi Camera contains a hardcoded telnet credential vulnerability that allows...
Critical | Unreviewed | CVE-2021-47796 was published on Jan 16, 2026

Firmware update files may expose password hashes for system accounts, which could allow a remote...
Moderate | Unreviewed | CVE-2026-22911 was published on Jan 15, 2026

Covenant 0.1.3 - 0.5 contains a remote code execution vulnerability that allows attackers to...
Critical | Unreviewed | CVE-2020-36911 was published on Jan 14, 2026

The firmware in KAON CG3000TC and CG3000T routers contains hard-coded credentials in clear text ...
Critical | Unreviewed | CVE-2025-7072 was published on Jan 9, 2026

INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux...
Critical | Unreviewed | CVE-2019-25291 was published on Jan 8, 2026

FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains hard-coded SSH credentials that...
Critical | Unreviewed | CVE-2017-20214 was published on Jan 8, 2026

Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default...
High | Unreviewed | CVE-2020-36915 was published on Jan 6, 2026

Cypress Solutions CTM-200/CTM-ONE 1.3.6 contains hard-coded credentials vulnerability in Linux...
Critical | Unreviewed | CVE-2021-47744 was published on Dec 31, 2025