Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,698
Maven
5,000+
npm
4,325
NuGet
761
pip
4,099
Pub
12
RubyGems
958
Rust
1,063
Swift
45
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

1,326 advisories

Loading
NMIS/BioDose software V22.02 and previous versions contain executable binaries with plain text... High Unreviewed
CVE-2025-64778 was published Dec 2, 2025
A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11... Moderate Unreviewed
CVE-2025-54341 was published Nov 25, 2025
Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key... Moderate Unreviewed
CVE-2025-63433 was published Nov 24, 2025
A use of hard-coded credentials vulnerability in Fortinet FortiWeb 7.6.0, FortiWeb 7.4 all... Moderate Unreviewed
CVE-2025-59669 was published Nov 18, 2025
NVIDIA AIStore contains a vulnerability in AuthN. A successful exploit of this vulnerability... High Unreviewed
CVE-2025-33186 was published Nov 11, 2025
SQL Anywhere Monitor (Non-GUI) baked credentials into the code,exposing the resources or... Critical Unreviewed
CVE-2025-42890 was published Nov 11, 2025
A security issue was discovered in the Kubernetes Image Builder where default credentials are... High Unreviewed
CVE-2025-7342 was published Aug 18, 2025
Insecure AES key in Yealink Configuration Encrypt Tool below verrsion 1.2. A single, vendorwide,... Critical Unreviewed
CVE-2024-24681 was published Feb 24, 2024
The affected devices use publicly available default credentials with administrative privileges. Critical Unreviewed
CVE-2023-39169 was published Dec 7, 2023
There are several hidden accounts. Some of them are intended for maintenance engineers, and with... Critical Unreviewed
CVE-2024-35244 was published Nov 26, 2024
API keys for some cloud services are hardcoded in the "main" binary. As for the details of... Critical Unreviewed
CVE-2024-36248 was published Nov 26, 2024
Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 use a unique... Moderate Unreviewed
CVE-2024-33895 was published Aug 2, 2024
A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013... Critical Unreviewed
CVE-2023-46685 was published Jul 8, 2024
Deck Mate 2 is distributed with static, hard-coded credentials for the root shell and web user... High Unreviewed
CVE-2025-34501 was published Nov 4, 2025
The firmware of all Wattsense Bridge devices contain the same hard-coded user and root... Critical Unreviewed
CVE-2025-26410 was published Feb 11, 2025
The application uses several hard-coded credentials to encrypt config files during backup, to... High Unreviewed
CVE-2024-28146 was published Dec 12, 2024
An attacker with local access to the medical office computer can access restricted functions of... High Unreviewed
CVE-2024-50593 was published Nov 8, 2024
A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows... High Unreviewed
CVE-2024-31151 was published Oct 30, 2024
A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows... High Unreviewed
CVE-2024-28875 was published Oct 30, 2024
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which... High Unreviewed
CVE-2024-31873 was published Apr 10, 2024
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password... High Unreviewed
CVE-2020-4429 was published May 24, 2022
Use of Hard-coded Credentials in TP-Link Archer C50 V3( <= 180703)/V4( <= 250117 )/V5( ... Moderate Unreviewed
CVE-2025-6982 was published Jul 16, 2025
There are several scripts in the web interface that are accessible via undocumented hard-coded... Moderate Unreviewed
CVE-2025-48414 was published May 21, 2025
The `/etc/passwd` and `/etc/shadow` files reveal hard-coded password hashes for the operating... High Unreviewed
CVE-2025-48413 was published May 21, 2025
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368... Critical Unreviewed
CVE-2025-27643 was published Mar 5, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database