Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
47
GitHub Actions
48
Go
3,378
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,573
Pub
13
RubyGems
1,013
Rust
1,205
Swift
51
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

515 advisories

Loading
HCL Aftermarket DPC is affected by SQL Injection which allows attacker to exploit this... High Unreviewed
CVE-2025-55262 was published Mar 26, 2026
HCL Aftermarket DPC is affected by Hardcoded Sensitive Data which allows attacker to gain access... High Unreviewed
CVE-2025-55263 was published Mar 26, 2026
Use of Hard-coded Credentials vulnerability in Addi Addi – Cuotas que se adaptan a ti buy... High Unreviewed
CVE-2026-27073 was published Mar 25, 2026
A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210,... High Unreviewed
CVE-2025-15605 was published Mar 23, 2026
Use of hard-coded credentials in Klinika XP and KlinikaXP Insertino allowed an unauthorized... High Unreviewed
CVE-2026-1958 was published Mar 23, 2026
Use of Hard-coded Credentials vulnerability in Avantra allows Accessing Functionality Not... High Unreviewed
CVE-2026-3873 was published Mar 13, 2026
A Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer... High Unreviewed
CVE-2026-28255 was published Mar 12, 2026
eWON Firmware versions 12.2 to 13.0 contain an authentication bypass vulnerability that allows... High Unreviewed
CVE-2019-25470 was published Mar 11, 2026
CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause information... High Unreviewed
CVE-2025-13957 was published Mar 10, 2026
International Datacasting Corporation (IDC) SFX Series SuperFlex(SFX2100) SatelliteReceiver... High Unreviewed
CVE-2026-29119 was published Mar 4, 2026
International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver contains... High Unreviewed
CVE-2026-28776 was published Mar 4, 2026
International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver contains... High Unreviewed
CVE-2026-28778 was published Mar 4, 2026
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to stroe credentials in... High Unreviewed
CVE-2024-55027 was published Mar 3, 2026
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded password... High Unreviewed
CVE-2024-55021 was published Mar 3, 2026
Multiple Finka programs use hard-coded Firebird database credentials (shared across all instances... High Unreviewed
CVE-2025-13776 was published Feb 24, 2026
Calero VeraSMART versions prior to 2026 R1 contain hardcoded static AES encryption keys within... High Unreviewed
CVE-2026-26334 was published Feb 13, 2026
Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials,... High Unreviewed
CVE-2026-2103 was published Feb 6, 2026
SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability... High Unreviewed
CVE-2025-40537 was published Jan 28, 2026
Use of well-known default credentials in Admin UI of EZCast Pro II version 1.17478.146 allows... High Unreviewed
CVE-2026-24346 was published Jan 27, 2026
Dormakaba provides the software FWServiceTool to update the firmware version of the Access... High Unreviewed
CVE-2025-59107 was published Jan 26, 2026
An RPC service, which is part of exos 9300, is reachable on port 4000, run by the process... High Unreviewed
CVE-2025-59092 was published Jan 26, 2026
IBM Sterling Connect:Direct for UNIX Container 6.3.0.0 through 6.3.0.6 Interim Fix 016, and 6.4.0... High Unreviewed
CVE-2025-14115 was published Jan 20, 2026
Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default... High Unreviewed
CVE-2020-36915 was published Jan 6, 2026
Use of Hard-coded Credentials vulnerability in Utarit Informatics Services Inc. SoliClub allows... High Unreviewed
CVE-2025-7358 was published Dec 18, 2025
Use of Hard-coded Credentials vulnerability in Utarit Information Services Inc. SoliClub allows... High Unreviewed
CVE-2025-1029 was published Dec 18, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database