GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 27,998
Composer 5,462
Erlang 46
GitHub Actions 48
Go 3,361
Maven 6,349
npm 5,410
NuGet 881
pip 4,554
Pub 12
RubyGems 1,013
Rust 1,205
Swift 51

Unreviewed advisories

All unreviewed 295,677

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

656 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Harbor allows the use of the default password for web UI login Critical

CVE-2026-4404 was published for github.com/goharbor/harbor (Go) Mar 23, 2026

The web interface of the WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) contains... Critical Unreviewed

CVE-2026-30701 was published Mar 18, 2026

ZKTeco ZKBioSecurity 3.0 contains hardcoded credentials in the bundled Apache Tomcat server that... Critical Unreviewed

CVE-2016-20026 was published Mar 16, 2026

Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an... Critical Unreviewed

CVE-2026-24448 was published Mar 11, 2026

The /root/anaconda-ks.cfg installation configuration file in International Datacasting... Critical Unreviewed

CVE-2026-29120 was published Mar 4, 2026

International Datacasting Corporation (IDC) SFX2100 Satellite Receiver, trivial password for... Critical Unreviewed

CVE-2026-28777 was published Mar 4, 2026

The administrative credentials can be extracted through application API responses, mobile... Critical Unreviewed

CVE-2025-1242 was published Feb 25, 2026

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain hard... Critical Unreviewed

CVE-2026-27507 was published Feb 24, 2026

In Ruckus Network Director (RND) < 4.5.0.54, the OVA appliance contains hardcoded credentials for... Critical Unreviewed

CVE-2025-67304 was published Feb 19, 2026

Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded... Critical Unreviewed

CVE-2026-22769 was published Feb 17, 2026

Glory RBG-100 recycler systems using the ISPK-08 software component contain hard-coded operating... Critical Unreviewed

CVE-2026-23647 was published Feb 17, 2026

Heatmiser Netmonitor 3.03 contains a hardcoded credentials vulnerability in the networkSetup.htm... Critical Unreviewed

CVE-2019-25322 was published Feb 13, 2026

newbee-mall includes pre-seeded administrator accounts in its database initialization script.... Critical Unreviewed

CVE-2026-26218 was published Feb 12, 2026

AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access... Critical Unreviewed

CVE-2020-37135 was published Feb 7, 2026

Netis E1+ version 1.2.32533 contains a hardcoded root account vulnerability that allows... Critical Unreviewed

CVE-2020-37092 was published Feb 4, 2026

The database account and password are hardcoded, allowing login with the account to manipulate... Critical Unreviewed

CVE-2026-25202 was published Feb 2, 2026

Multiple hardcoded credentials have been identified, which are allowed to sign-in to the exos... Critical Unreviewed

CVE-2025-59091 was published Jan 26, 2026

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has a Use of Hard-coded... Critical Unreviewed

CVE-2026-1221 was published Jan 20, 2026

Denver SHC-150 Smart Wifi Camera contains a hardcoded telnet credential vulnerability that allows... Critical Unreviewed

CVE-2021-47796 was published Jan 16, 2026

Covenant 0.1.3 - 0.5 contains a remote code execution vulnerability that allows attackers to... Critical Unreviewed

CVE-2020-36911 was published Jan 14, 2026

The firmware in KAON CG3000TC and CG3000T routers contains hard-coded credentials in clear text ... Critical Unreviewed

CVE-2025-7072 was published Jan 9, 2026

INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux... Critical Unreviewed

CVE-2019-25291 was published Jan 8, 2026

FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains hard-coded SSH credentials that... Critical Unreviewed

CVE-2017-20214 was published Jan 8, 2026

Cypress Solutions CTM-200/CTM-ONE 1.3.6 contains hard-coded credentials vulnerability in Linux... Critical Unreviewed

CVE-2021-47744 was published Dec 31, 2025

Anevia Flamingo XL/XS 3.6.20 contains a critical vulnerability with weak default administrative... Critical Unreviewed

CVE-2023-53983 was published Dec 31, 2025

Previous1…27 Next

Previous 1 2 3 4 5 … 26 27 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

656 advisories