GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,144
Composer 4,333
Erlang 31
GitHub Actions 22
Go 2,095
Maven 5,265
npm 3,760
NuGet 678
pip 3,446
Pub 12
RubyGems 892
Rust 882
Swift 37

Unreviewed advisories

All unreviewed 242,545

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

176 advisories

Filter by severity

Sort by

Least recently updated

Flawed token generation implementation & Hard-coded key implementation Moderate Unreviewed

CVE-2024-55927 was published Jan 23, 2025

IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 is vulnerable to exposure... Moderate Unreviewed

CVE-2024-28778 was published Jan 7, 2025

A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions... Moderate Unreviewed

CVE-2024-45319 was published Dec 5, 2024

A hardcoded decryption key in Thinkware Cloud APK v4.3.46 allows attackers to access sensitive... Moderate Unreviewed

CVE-2024-53614 was published Dec 4, 2024

Duplicate Advisory: Keycloak Build Process Exposes Sensitive Data Moderate

GHSA-jcgg-mg9g-p9wf was published for org.keycloak:keycloak-quarkus-server (Maven) Nov 25, 2024 • withdrawn

Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain a hardcoded... Moderate Unreviewed

CVE-2024-40410 was published Nov 14, 2024

A vulnerability was found in Intelligent Apps Freenow App 12.10.0 on Android. It has been rated... Moderate Unreviewed

CVE-2024-11026 was published Nov 9, 2024

Use of Hard-coded Credentials vulnerability in Sonatype Nexus Repository has been discovered in... Moderate Unreviewed

CVE-2024-5764 was published Oct 23, 2024

MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded... Moderate Unreviewed

CVE-2024-4740 was published Oct 18, 2024

A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with... Moderate Unreviewed

CVE-2024-20280 was published Oct 16, 2024

VM images built with Image Builder with some providers use default credentials during builds in github.com/kubernetes-sigs/image-builder Moderate

CVE-2024-9594 was published for github.com/kubernetes-sigs/image-builder (Go) Oct 15, 2024

Certain switch models from PLANET Technology have a Hard-coded Credential in the password... Moderate Unreviewed

CVE-2024-8449 was published Sep 30, 2024

Autel MaxiCharger AC Elite Business C50 BLE Hardcoded Credentials Authentication Bypass... Moderate Unreviewed

CVE-2024-23958 was published Sep 28, 2024

SolarWinds Access Rights Manager (ARM) was found to contain a hard-coded credential... Moderate Unreviewed

CVE-2024-28990 was published Sep 12, 2024

IBM MaaS360 for Android 6.31 through 8.60 is using hard coded credentials that can be obtained by... Moderate Unreviewed

CVE-2024-35118 was published Aug 29, 2024

A vulnerability classified as critical has been found in Go-Tribe gotribe up to... Moderate Unreviewed

CVE-2024-8135 was published Aug 25, 2024

An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Data is sent between... Moderate Unreviewed

CVE-2024-45165 was published Aug 22, 2024

A vulnerability was found in demozx gf_cms 1.0/1.0.1. It has been classified as critical. This... Moderate Unreviewed

CVE-2024-8005 was published Aug 20, 2024

Identical Hardcoded Root Password for All Devices in GNCC's GC2 Indoor Security Camera 1080P... Moderate Unreviewed

CVE-2024-31798 was published Aug 15, 2024

Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 use a unique... Moderate Unreviewed

CVE-2024-33895 was published Aug 2, 2024

A vulnerability was found in TOTOLINK A3000RU 5.9c.5185. It has been rated as problematic. This... Moderate Unreviewed

CVE-2024-7170 was published Jul 29, 2024

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to unencrypted storing of WPA... Moderate Unreviewed

CVE-2024-41689 was published Jul 26, 2024

"Piccoma" App for Android and iOS versions prior to 6.20.0 uses a hard-coded API key for an... Moderate Unreviewed

CVE-2024-38480 was published Jul 1, 2024

All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An... Moderate Unreviewed

CVE-2024-27159 was published Jun 14, 2024

All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An... Moderate Unreviewed

CVE-2024-27160 was published Jun 14, 2024

Previous 1 2 3 4 5 6 7 8 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

176 advisories