Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,844
Maven
5,000+
npm
4,470
NuGet
779
pip
4,231
Pub
12
RubyGems
974
Rust
1,093
Swift
48
Unreviewed advisories
All unreviewed
5,000+

25 advisories

Loading
Jimoty App for Android versions prior to 3.7.42 uses a hard-coded API key for an external service... Low Unreviewed
CVE-2022-0131 was published Jan 18, 2022
Hard-coded credentials in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the... Low Unreviewed
CVE-2020-25168 was published Apr 15, 2022
Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLInstaller.exe version 1.6.4... Low Unreviewed
CVE-2018-5552 was published May 13, 2022
CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption... Low Unreviewed
CVE-2020-6857 was published May 24, 2022
An exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities of... Low Unreviewed
CVE-2019-5139 was published May 24, 2022
Multiple vulnerabilities in Cisco Firepower Management Center (FMC) Software and Cisco Firepower... Low Unreviewed
CVE-2020-3301 was published May 24, 2022
A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in... Low Unreviewed
CVE-2020-7515 was published May 24, 2022
A flaw was found in rhacm versions before 2.0.5 and before 2.1.0. Two internal service APIs were... Low Unreviewed
CVE-2020-25688 was published May 24, 2022
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses hard coded credentials which could... Low Unreviewed
CVE-2019-4309 was published May 24, 2022
RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An unauthenticated physical... Low Unreviewed
CVE-2022-32967 was published Nov 29, 2022
There is an improper authentication vulnerability in Pandora FMS v764. The application verifies... Low Unreviewed
CVE-2022-43978 was published Jan 28, 2023
The password for access to the debugging console of the PoWer Controller chip (PWC) of the MIB3... Low Unreviewed
CVE-2023-28895 was published Dec 1, 2023
A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719.... Low Unreviewed
CVE-2024-1661 was published Feb 20, 2024
A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as... Low Unreviewed
CVE-2024-7155 was published Jul 28, 2024
A hardcoded AES key in PMFW may result in a privileged attacker gaining access to the key,... Low Unreviewed
CVE-2023-20512 was published Aug 13, 2024
Dell PowerScale InsightIQ, version 5.0, contain a Use of hard coded Credentials vulnerability. A... Low Unreviewed
CVE-2024-39582 was published Sep 10, 2024
A vulnerability, which was classified as problematic, has been found in Cosmote Greece What's Up... Low Unreviewed
CVE-2024-10748 was published Nov 4, 2024
A vulnerability was found in mariazevedo88 travels-java-api up to 5.0.1 and classified as... Low Unreviewed
CVE-2024-10920 was published Nov 6, 2024
A use of hard-coded cryptographic key in Fortinet FortiClientWindows version 7.4.0, 7.2.x all... Low Unreviewed
CVE-2024-50564 was published Jan 14, 2025
Hard-coded credentials were included as part of the application binary. These credentials served... Low Unreviewed
CVE-2024-45832 was published Jan 17, 2025
A vulnerability was found in i-Drive i11 and i12 up to 20250227 and classified as problematic.... Low Unreviewed
CVE-2025-1879 was published Mar 3, 2025
A use of hard-coded cryptographic key vulnerability in FortiSIEM version 5.2.6 may allow a remote... Low Unreviewed
CVE-2019-17659 was published Mar 17, 2025
ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a... Low Unreviewed
CVE-2025-30198 was published Sep 5, 2025
A vulnerability was identified in Cudy LT500E up to 2.3.12. Affected is an unknown function of... Low Unreviewed
CVE-2025-9725 was published Sep 5, 2025
SQLE's JWT Secret Handler can be manipulated to use hard-coded cryptographic key Low
CVE-2025-15107 was published for github.com/actiontech/sqle (Go) Dec 27, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database