Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,504
Maven
5,000+
npm
4,149
NuGet
735
pip
3,949
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

483 advisories

Loading
Hardcoded credentials in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to... High Unreviewed
CVE-2024-46436 was published Feb 10, 2025
Certain models of routers from Billion Electric has hard-coded embedded linux credentials,... High Unreviewed
CVE-2025-1143 was published Feb 11, 2025
Use of Hard-coded Credentials vulnerability in GoodWe Technologies Co., Ltd. GW1500‑XS allows... High Unreviewed
CVE-2024-8893 was published Feb 14, 2025
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 client application... High Unreviewed
CVE-2024-52902 was published Feb 19, 2025
Use of Hard-coded Credentials, Storage of Sensitive Data in a Mechanism without Access Control... High Unreviewed
CVE-2024-9334 was published Feb 27, 2025
Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege... High Unreviewed
CVE-2025-27255 was published Mar 10, 2025
The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable... High Unreviewed
CVE-2024-13773 was published Mar 14, 2025
Zohocorp's ManageEngine Analytics Plus and Zoho Analytics on-premise versions older than 6130 are... High Unreviewed
CVE-2025-1724 was published Mar 17, 2025
An issue was discovered on the Audi Universal Traffic Recorder 2.88. It has Susceptibility to... High Unreviewed
CVE-2025-30118 was published Mar 25, 2025
We observed that Intellispace Portal binaries doesn’t have any protection mechanisms to prevent... High Unreviewed
CVE-2025-3426 was published Apr 7, 2025
CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials Authentication Bypass Vulnerability... High Unreviewed
CVE-2025-2765 was published Apr 23, 2025
Quantum StorNext Web GUI API before 7.2.4 grants access to internal StorNext configuration and... High Unreviewed
CVE-2025-46617 was published Apr 25, 2025
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The... High Unreviewed
CVE-2025-32889 was published May 2, 2025
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. The... High Unreviewed
CVE-2025-32888 was published May 2, 2025
The `/etc/passwd` and `/etc/shadow` files reveal hard-coded password hashes for the operating... High Unreviewed
CVE-2025-48413 was published May 21, 2025
The ArchiverSpaApi ASP.NET application uses a hard-coded JWT signing key. An unauthenticated... High Unreviewed
CVE-2025-35940 was published Jun 10, 2025
Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974... High Unreviewed
CVE-2025-34509 was published Jun 17, 2025
A vulnerability has been discovered in the firmware of Paxton Paxton10 before 4.6 SR6. The... High Unreviewed
CVE-2025-52492 was published Jul 7, 2025
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a Use of Hard-coded... High Unreviewed
CVE-2025-49551 was published Jul 8, 2025
Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Corporation photovoltaic... High Unreviewed
CVE-2025-5023 was published Jul 10, 2025
A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC3600 1.0.22.... High Unreviewed
CVE-2025-7564 was published Jul 14, 2025
An insecure sensitive key storage issue was found in MyASUS. potentially allowing unauthorized... High Unreviewed
CVE-2025-4569 was published Jul 21, 2025
Use of hard-coded, the same among all vulnerable installations SQLite credentials vulnerability... High Unreviewed
CVE-2025-4049 was published Jul 21, 2025
Use of Hard-coded Credentials vulnerability in PAVO Inc. PAVO Pay allows Read Sensitive Constants... High Unreviewed
CVE-2025-4130 was published Jul 21, 2025
HCL iAutomate includes hardcoded credentials which may result in potential exposure of... High Unreviewed
CVE-2025-31953 was published Jul 24, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database