Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,426
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,670
Pub
13
RubyGems
1,029
Rust
1,212
Swift
53
Unreviewed advisories
All unreviewed
5,000+

11 advisories

Loading
Hard-Coded Key Used For Remember-me Token in Opencast Moderate
CVE-2020-5222 was published for org.opencastproject:opencast-kernel (Maven) Jan 30, 2020
LukasKalbertodt Credited to LukasKalbertodt
Microweber uses hard coded credentials Moderate
CVE-2023-5318 was published for microweber/microweber (Composer) Sep 30, 2023
Apprite CLI makes Use of Hard-coded Credentials Moderate
CVE-2023-50974 was published for appwrite (npm) Jan 9, 2024
Update share links to use FRP instead of SSH tunneling Moderate
CVE-2023-25823 was published for gradio (pip) Feb 23, 2023
gregsadetsky Credited to gregsadetsky and samueltc samueltc samueltc
VM images built with Image Builder with some providers use default credentials during builds in github.com/kubernetes-sigs/image-builder Moderate
CVE-2024-9594 was published for github.com/kubernetes-sigs/image-builder (Go) Oct 15, 2024
Duplicate Advisory: Keycloak Build Process Exposes Sensitive Data Moderate
GHSA-jcgg-mg9g-p9wf was published for org.keycloak:keycloak-quarkus-server (Maven) Nov 25, 2024 withdrawn
Apache Submarine Commons Utils has a hard-coded secret Moderate
CVE-2024-36264 was published for apache-submarine (Maven) Jun 12, 2024
Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret Moderate
CVE-2025-61926 was published for github.com/ossf/allstar (Go) Oct 10, 2025
AdamKorcz Credited to AdamKorcz and justaugustus justaugustus justaugustus
Duplicate Advisory: Hard-coded credentials in org.folio:mod-remote-storage Moderate
GHSA-hv5g-q4h3-64q4 was published for org.folio:mod-remote-storage (Maven) Jan 19, 2024 withdrawn
Hard-coded System User Credentials in Folio Data Export Spring module Moderate
CVE-2024-23685 was published for org.folio:mod-remote-storage (Maven) Jul 25, 2023
EVE Has Partially Predetermined Vault Key Moderate
CVE-2023-43637 was published for github.com/lf-edge/eve (Go) Feb 4, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database