GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
237 advisories
AL-KO Robolinho Update Software has hard-coded AWS Access and Secret keys that allow anyone to...
Moderate | Unreviewed | CVE-2026-1612 was published Mar 30, 2026
Use of Hard-coded Credentials vulnerability in Microchip Time Provider 4100 allows Malicious...
Moderate | Unreviewed | CVE-2025-9497 was published Mar 28, 2026
IBM Concert 1.0.0 through 2.2.0 contains hard-coded credentials that could be obtained by a local...
Moderate | Unreviewed | CVE-2025-12708 was published Mar 25, 2026
A use of hard-coded credentials vulnerability has been reported to affect QuNetSwitch. The remote...
Moderate | Unreviewed | CVE-2026-22900 was published Mar 20, 2026
ZKTeco ZKBioSecurity 3.0 contains a local authorization bypass vulnerability in visLogin.jsp that...
Moderate | Unreviewed | CVE-2016-20031 was published Mar 16, 2026
An unauthenticated remote attacker may use hardcoded credentials to get access to the previously...
Moderate | Unreviewed | CVE-2025-41710 was published Mar 10, 2026
Keygraph Shannon contains a hard-coded API key in its router configuration that, when the router...
Moderate | Unreviewed | CVE-2026-29023 was published Mar 9, 2026
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application...
Moderate | Unreviewed | CVE-2025-14923 was published Mar 3, 2026
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded...
Moderate | Unreviewed | CVE-2024-55023 was published Mar 3, 2026
IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information or...
Moderate | Unreviewed | CVE-2025-33089 was published Feb 17, 2026
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow...
Moderate | Unreviewed | CVE-2026-20111 was published Feb 4, 2026
The default password for the extended admin user mode in the application U9ExosAdmin.exe ("Kaba...
Moderate | Unreviewed | CVE-2025-59096 was published Jan 26, 2026
The program libraries (DLL) and binaries used by exos 9300 contain multiple hard-coded secrets....
Moderate | Unreviewed | CVE-2025-59095 was published Jan 26, 2026
Use of Default Credentials, Hard-coded Credentials vulnerability in C2SGlobalSettings.dll in ...
Moderate | Unreviewed | CVE-2025-58744 was published Jan 21, 2026
Open 5GS WebUI uses a hard-coded JWT signing key (change-me) whenever the environment variable...
Moderate | Unreviewed | CVE-2026-0622 was published Jan 20, 2026
Firmware update files may expose password hashes for system accounts, which could allow a remote...
Moderate | Unreviewed | CVE-2026-22911 was published Jan 15, 2026
A security flaw has been discovered in getmaxun maxun up to 0.0.28. Impacted is an unknown...
Moderate | Unreviewed | CVE-2025-15105 was published Dec 27, 2025
An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A hardcoded Flickr API key...
Moderate | Unreviewed | CVE-2025-67809 was published Dec 15, 2025
An attacker can use an undocumented UART port on the PCB as a side-channel with the user...
Moderate | Unreviewed | CVE-2025-41696 was published Dec 9, 2025
A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11...
Moderate | Unreviewed | CVE-2025-54341 was published Nov 25, 2025
Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key...
Moderate | Unreviewed | CVE-2025-63433 was published Nov 24, 2025
A use of hard-coded credentials vulnerability in Fortinet FortiWeb 7.6.0, FortiWeb 7.4 all...
Moderate | Unreviewed | CVE-2025-59669 was published Nov 18, 2025
Hardcoded credentials in gsigel14 ATLAS-EPIC commit f29312c (2025-05-26).
Moderate | Unreviewed | CVE-2025-60639 was published Oct 16, 2025
Use of Hard-coded Credentials vulnerability in Logo Software Inc. TigerWings ERP allows Read...
Moderate | Unreviewed | CVE-2025-10609 was published Oct 3, 2025
Use of Hard-coded Credentials vulnerability in Essekia Helpie FAQ allows Retrieve Embedded...
Moderate | Unreviewed | CVE-2025-58659 was published Sep 22, 2025
ProTip! Advisories are also available from the GraphQL API.