GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 28,553
Composer 5,554
Erlang 49
GitHub Actions 49
Go 3,426
Maven 6,365
npm 5,645
NuGet 882
pip 4,670
Pub 13
RubyGems 1,029
Rust 1,212
Swift 53

Unreviewed advisories

All unreviewed 296,685

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

1,417 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

The Text to Speech for WP (AI Voices by Mementor) plugin for WordPress is vulnerable to sensitive... High Unreviewed

CVE-2026-1233 was published Apr 4, 2026

GarrettCom Magnum 6K and 10K managed switches contain an authentication bypass vulnerability that... Critical Unreviewed

CVE-2017-20234 was published Apr 4, 2026

Storage credentials are hardcoded in the mobile app and device firmware. These credentials do not... High Unreviewed

CVE-2025-10681 was published Apr 3, 2026

Use of Hard-coded Credentials vulnerability in Microchip Time Provider 4100 allows Malicious... Moderate Unreviewed

CVE-2025-9497 was published Mar 28, 2026

A vulnerability was identified in MEPIS RM, an industrial software product developed by Metronik.... Moderate Unreviewed

CVE-2026-25601 was published Apr 1, 2026

A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210,... High Unreviewed

CVE-2025-15605 was published Mar 23, 2026

AL-KO Robolinho Update Software has hard-coded AWS Access and Secret keys that allow anyone to... Moderate Unreviewed

CVE-2026-1612 was published Mar 30, 2026

A Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer... High Unreviewed

CVE-2026-28255 was published Mar 12, 2026

HCL Aftermarket DPC is affected by SQL Injection which allows attacker to exploit this... High Unreviewed

CVE-2025-55262 was published Mar 26, 2026

Use of Hard-coded Credentials vulnerability in Addi Addi – Cuotas que se adaptan a ti buy... High Unreviewed

CVE-2026-27073 was published Mar 25, 2026

HCL Aftermarket DPC is affected by Hardcoded Sensitive Data which allows attacker to gain access... High Unreviewed

CVE-2025-55263 was published Mar 26, 2026

IBM Concert 1.0.0 through 2.2.0 contains hard-coded credentials that could be obtained by a local... Moderate Unreviewed

CVE-2025-12708 was published Mar 25, 2026

A use of hard-coded credentials vulnerability has been reported to affect QuNetSwitch. The remote... Moderate Unreviewed

CVE-2026-22900 was published Mar 20, 2026

Use of Hard-coded Credentials vulnerability in Utarit Information Technologies SoliPay Mobile App... High Unreviewed

CVE-2023-6255 was published Feb 15, 2024

CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access... High Unreviewed

CVE-2023-6409 was published Feb 14, 2024

The web interface of the WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) contains... Critical Unreviewed

CVE-2026-30701 was published Mar 18, 2026

Use of hard-coded credentials in Klinika XP and KlinikaXP Insertino allowed an unauthorized... High Unreviewed

CVE-2026-1958 was published Mar 23, 2026

A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719.... Low Unreviewed

CVE-2024-1661 was published Feb 20, 2024

Encrypted database credentials in LaborOfficeFree affecting version 19.10. This vulnerability... Moderate Unreviewed

CVE-2024-1344 was published Feb 19, 2024

Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an engineering environment for... Moderate Unreviewed

CVE-2022-29960 was published Jul 27, 2022

auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and passwords for the (1) test, ... Moderate Unreviewed

CVE-2010-2073 was published May 17, 2022

Arkeia Network Backup Client 5.x contains hard-coded credentials that effectively serve as a back... High Unreviewed

CVE-2005-0496 was published May 1, 2022

EMV DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to... High Unreviewed

CVE-2008-0961 was published May 1, 2022

Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username (Gemtek) and password ... High Unreviewed

CVE-2010-1573 was published May 14, 2022

Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users... Moderate Unreviewed

CVE-2010-2772 was published May 17, 2022

Previous1…57 Next

Previous 1 2 3 4 5 … 56 57 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

1,417 advisories