GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 23,889
Composer 4,870
Erlang 37
GitHub Actions 36
Go 2,500
Maven 5,942
npm 4,147
NuGet 735
pip 3,948
Pub 12
RubyGems 945
Rust 1,025
Swift 39

Unreviewed advisories

All unreviewed 269,561

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

33 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

An issue was discovered in Siklu Communications Etherhaul 8010TX and 1200FX devices, Firmware 7.4... Critical Unreviewed

CVE-2025-57174 was published Sep 15, 2025

Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and... Critical Unreviewed

CVE-2025-55619 was published Aug 22, 2025

The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An... Critical Unreviewed

CVE-2025-41702 was published Aug 26, 2025

RUCKUS Network Director (RND) before 4.5 allows spoofing of an administrator JWT by an attacker... Critical Unreviewed

CVE-2025-44963 was published Aug 4, 2025

In ZKT ZKBio CVSecurity 6.4.1_R an unauthenticated attacker can craft JWT token using the... Critical Unreviewed

CVE-2025-45746 was published May 13, 2025

Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded... Critical Unreviewed

CVE-2022-34441 was published Jan 11, 2023

Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded... Critical Unreviewed

CVE-2022-34442 was published Jan 18, 2023

Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded... Critical Unreviewed

CVE-2022-34440 was published Jan 11, 2023

Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key. Critical Unreviewed

CVE-2021-22644 was published Jul 29, 2022

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923... Critical Unreviewed

CVE-2025-27674 was published Mar 5, 2025

VyOS 1.3 through 1.5 or any Debian-based system using dropbear in combination with live-build has... Critical Unreviewed

CVE-2025-30095 was published Mar 31, 2025

Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization... Critical Unreviewed

CVE-2025-30406 was published Apr 3, 2025

nvOC through 3.2 ships with SSH host keys baked into the installation image, which allows man-in... Critical Unreviewed

CVE-2019-19752 was published Apr 30, 2024

A use of hard-coded cryptographic key in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2... Critical Unreviewed

CVE-2023-37936 was published Jan 14, 2025

Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard... Critical Unreviewed

CVE-2023-48392 was published Dec 15, 2023

Galaxy Software Services Vitals ESP is vulnerable to using a hard-coded encryption key. An... Critical Unreviewed

CVE-2023-37291 was published Jul 21, 2023

IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to... Critical Unreviewed

CVE-2024-46612 was published Sep 25, 2024

Password reset tokens are generated using an insecure source of randomness. Attackers who know... Critical Unreviewed

CVE-2024-6890 was published Aug 8, 2024

SimpleMiningOS through v1259 ships with SSH host keys baked into the installation image, which... Critical Unreviewed

CVE-2019-19753 was published Apr 30, 2024

minerstat msOS before 2019-10-23 does not have a unique SSH key for each instance of the product. Critical Unreviewed

CVE-2019-19750 was published May 24, 2022

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All... Critical Unreviewed

CVE-2024-30207 was published May 14, 2024

D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This... Critical Unreviewed

CVE-2023-32169 was published May 3, 2024

Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz -... Critical Unreviewed

CVE-2023-3632 was published Aug 9, 2023

Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious... Critical Unreviewed

CVE-2023-2158 was published Jul 6, 2023

Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device... Critical Unreviewed

CVE-2022-2641 was published Jul 6, 2023

Previous12 Next

Previous 1 2 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

33 advisories