Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,876
Erlang
37
GitHub Actions
37
Go
2,525
Maven
5,000+
npm
4,186
NuGet
741
pip
3,967
Pub
12
RubyGems
947
Rust
1,028
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,338 advisories

Loading
Use of Hard-coded Credentials vulnerability in Essekia Helpie FAQ allows Retrieve Embedded... Moderate Unreviewed
CVE-2025-58659 was published Sep 22, 2025
Use of Hard-coded Credentials vulnerability in Risto Niinemets Estonian Shipping Methods for... Moderate Unreviewed
CVE-2025-58656 was published Sep 22, 2025
Use of Hard-coded Credentials vulnerability in weDevs WP Project Manager allows Retrieve Embedded... Moderate Unreviewed
CVE-2025-58269 was published Sep 22, 2025
Insufficient hardening of the proxyuser account in the AiKaan IoT management platform, combined... Critical Unreviewed
CVE-2025-57602 was published Sep 22, 2025
AiKaan Cloud Controller uses a single hardcoded SSH private key and the username `proxyuser` for... Critical Unreviewed
CVE-2025-57601 was published Sep 22, 2025
Hardcoded credentials in default configuration of PPress 0.0.9. High Unreviewed
CVE-2025-52159 was published Sep 19, 2025
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951,... High Unreviewed
CVE-2025-34197 was published Sep 19, 2025
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951 and... Critical Unreviewed
CVE-2025-34198 was published Sep 19, 2025
Use of Hard-coded Credentials vulnerability in ABB FLXEON.This issue affects FLXEON: through 9.3... High Unreviewed
CVE-2024-48842 was published Sep 17, 2025
An issue in H3C Device R365V300R004 allows a remote attacker to execute arbitrary code via the... High Unreviewed
CVE-2025-57577 was published Sep 12, 2025
An issue in H3C Magic M Device M2V100R006 allows a remote attacker to execute arbitrary code via... High Unreviewed
CVE-2025-57578 was published Sep 12, 2025
An issue in TOTOLINK Wi-Fi 6 Router Series Device X2000R-Gh-V2.0.0 allows a remote attacker to... High Unreviewed
CVE-2025-57579 was published Sep 12, 2025
The BeyondCart Connector plugin for WordPress is vulnerable to Privilege Escalation due to... Critical Unreviewed
CVE-2025-8570 was published Sep 11, 2025
Hardcoded credentials in Dietly v1.25.0 for android allows attackers to gain sensitive information. High Unreviewed
CVE-2025-56466 was published Sep 10, 2025
CWE-798 Use of Hard-coded Credentials High Unreviewed
CVE-2025-55047 was published Sep 9, 2025
A vulnerability was identified in Cudy LT500E up to 2.3.12. Affected is an unknown function of... Low Unreviewed
CVE-2025-9725 was published Sep 5, 2025
PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default... Critical Unreviewed
CVE-2025-35451 was published Sep 5, 2025
PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use default, shared credentials... Critical Unreviewed
CVE-2025-35452 was published Sep 5, 2025
ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a... Low Unreviewed
CVE-2025-30198 was published Sep 5, 2025
Clinic Image System developed by Changing contains hard-coded Credentials, allowing... Critical Unreviewed
CVE-2025-8857 was published Aug 29, 2025
hippo4j Includes Hard Coded Secret Key in JWT Creation High
CVE-2025-51606 was published for cn.hippo4j:hippo4j-core (Maven) Aug 21, 2025
A vulnerability was determined in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3... Moderate Unreviewed
CVE-2025-9310 was published Aug 21, 2025
IBM Concert Software 1.0.0 through 1.1.0 contains hard-coded credentials, such as a password or... Moderate Unreviewed
CVE-2025-33100 was published Aug 18, 2025
A security issue was discovered in the Kubernetes Image Builder where default credentials are... High Unreviewed
CVE-2025-7342 was published Aug 18, 2025
Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by... Critical Unreviewed
CVE-2025-43982 was published Aug 13, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database