Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,752
Maven
5,000+
npm
4,357
NuGet
765
pip
4,121
Pub
12
RubyGems
961
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

228 advisories

Loading
An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A hardcoded Flickr API key... Moderate Unreviewed
CVE-2025-67809 was published Dec 15, 2025
An attacker can use an undocumented UART port on the PCB as a side-channel with the user... Moderate Unreviewed
CVE-2025-41696 was published Dec 9, 2025
A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11... Moderate Unreviewed
CVE-2025-54341 was published Nov 25, 2025
Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key... Moderate Unreviewed
CVE-2025-63433 was published Nov 24, 2025
A use of hard-coded credentials vulnerability in Fortinet FortiWeb 7.6.0, FortiWeb 7.4 all... Moderate Unreviewed
CVE-2025-59669 was published Nov 18, 2025
Hardcoded credentials in gsigel14 ATLAS-EPIC commit f29312c (2025-05-26). Moderate Unreviewed
CVE-2025-60639 was published Oct 16, 2025
Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret Moderate
CVE-2025-61926 was published for github.com/ossf/allstar (Go) Oct 10, 2025
AdamKorcz justaugustus
Credited to AdamKorcz and justaugustus
Use of Hard-coded Credentials vulnerability in Logo Software Inc. TigerWings ERP allows Read... Moderate Unreviewed
CVE-2025-10609 was published Oct 3, 2025
Use of Hard-coded Credentials vulnerability in Essekia Helpie FAQ allows Retrieve Embedded... Moderate Unreviewed
CVE-2025-58659 was published Sep 22, 2025
Use of Hard-coded Credentials vulnerability in Risto Niinemets Estonian Shipping Methods for... Moderate Unreviewed
CVE-2025-58656 was published Sep 22, 2025
Use of Hard-coded Credentials vulnerability in weDevs WP Project Manager allows Retrieve Embedded... Moderate Unreviewed
CVE-2025-58269 was published Sep 22, 2025
A vulnerability was determined in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3... Moderate Unreviewed
CVE-2025-9310 was published Aug 21, 2025
IBM Concert Software 1.0.0 through 1.1.0 contains hard-coded credentials, such as a password or... Moderate Unreviewed
CVE-2025-33100 was published Aug 18, 2025
This vulnerability exists in ZKTeco WL20 due to hard-coded MQTT credentials and endpoints stored... Moderate Unreviewed
CVE-2025-54465 was published Aug 13, 2025
This vulnerability exists in ZKTeco WL20 due to hard-coded private key stored in plaintext within... Moderate Unreviewed
CVE-2025-55279 was published Aug 13, 2025
SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If... Moderate Unreviewed
CVE-2025-26398 was published Aug 12, 2025
A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7.... Moderate Unreviewed
CVE-2025-8530 was published Aug 5, 2025
A vulnerability was discovered in the storage policy for certain sets of authentication keys in... Moderate Unreviewed
CVE-2025-37111 was published Jul 31, 2025
A vulnerability was discovered in the storage policy for certain sets of encryption keys in the... Moderate Unreviewed
CVE-2025-37112 was published Jul 31, 2025
An insecure sensitive key storage issue was found in MyASUS. potentially allowing unauthorized... Moderate Unreviewed
CVE-2025-4570 was published Jul 21, 2025
Use of Hard-coded Credentials in TP-Link Archer C50 V3( <= 180703)/V4( <= 250117 )/V5( ... Moderate Unreviewed
CVE-2025-6982 was published Jul 16, 2025
This vulnerability exists in Digisol DG-GR6821AC Router due to hard-coded Root Access Credentials... Moderate Unreviewed
CVE-2025-53754 was published Jul 16, 2025
Use of hard-coded credentials issue exists in ZWX-2000CSW2-HN prior to 0.3.19 and ZWX-2000CS2-HN... Moderate Unreviewed
CVE-2025-53842 was published Jul 16, 2025
Tenda CP3 Pro Firmware V22.5.4.93 contains a hardcoded root password hash in the /etc/passwd file... Moderate Unreviewed
CVE-2025-52363 was published Jul 14, 2025
A vulnerability, which was classified as problematic, has been found in mao888 bluebell-plus up... Moderate Unreviewed
CVE-2025-7079 was published Jul 6, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database