Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,822
Erlang
36
GitHub Actions
32
Go
2,413
Maven
5,000+
npm
4,052
NuGet
723
pip
3,844
Pub
12
RubyGems
933
Rust
1,005
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,301 advisories

Loading
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified... Critical Unreviewed
CVE-2025-20309 was published Jul 2, 2025
A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded... Critical Unreviewed
CVE-2025-34034 was published Jun 26, 2025
D-Link DPH-400S/SE VoIP Phone v1.01 contains hardcoded provisioning variables, including... Critical Unreviewed
CVE-2025-45784 was published Jun 18, 2025
Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974... High Unreviewed
CVE-2025-34509 was published Jun 17, 2025
OpenC3 COSMOS v6.0.0 was discovered to contain hardcoded credentials for the Service Account. Critical Unreviewed
CVE-2025-28388 was published Jun 13, 2025
The ArchiverSpaApi ASP.NET application uses a hard-coded JWT signing key. An unauthenticated... High Unreviewed
CVE-2025-35940 was published Jun 10, 2025
WOLFBOX Level 2 EV Charger Management Card Hard-coded Credentials Authentication Bypass... Moderate Unreviewed
CVE-2025-5751 was published Jun 6, 2025
A predefined administrative account is not documented and cannot be deactivated. This account... Critical Unreviewed
CVE-2025-3321 was published Jun 6, 2025
Default credentials were present in the web portal for Airpointer 2.4.107-2, allowing an... Moderate Unreviewed
CVE-2025-4633 was published May 30, 2025
The CS5000 Fire Panel is vulnerable due to a hard-coded password that runs on a VNC server and... Critical Unreviewed
CVE-2025-46352 was published May 30, 2025
Netwrix Directory Manager (formerly Imanami GroupID) through v.10.0.7784.0 has a hard-coded... Critical Unreviewed
CVE-2025-48748 was published May 29, 2025
Dell PowerStore, version(s) 4.0.0.0, contain(s) an Use of Hard-coded Credentials vulnerability in... Moderate Unreviewed
CVE-2025-36572 was published May 28, 2025
A vulnerability has been found in PerfreeBlog 4.0.11 and classified as problematic. This... Moderate Unreviewed
CVE-2025-5164 was published May 26, 2025
Iridium Certus 700 version 1.0.1 has an embedded credentials vulnerability in the code. This... Moderate Unreviewed
CVE-2025-41380 was published May 23, 2025
There are several scripts in the web interface that are accessible via undocumented hard-coded... Moderate Unreviewed
CVE-2025-48414 was published May 21, 2025
The `/etc/passwd` and `/etc/shadow` files reveal hard-coded password hashes for the operating... High Unreviewed
CVE-2025-48413 was published May 21, 2025
ConnectWise-Password-Encryption-Utility.exe in ConnectWise Risk Assessment allows an attacker to... Moderate Unreviewed
CVE-2025-4876 was published May 19, 2025
In ZKT ZKBio CVSecurity 6.4.1_R an unauthenticated attacker can craft JWT token using the... Critical Unreviewed
CVE-2025-45746 was published May 13, 2025
Use of hard-coded credentials in Windows Hardware Lab Kit allows an authorized attacker to... Moderate Unreviewed
CVE-2025-27488 was published May 13, 2025
The TeleMessage archiving backend through 2025-05-05 accepts API calls (to request an... Moderate Unreviewed
CVE-2025-47730 was published May 8, 2025
A vulnerability in the Out-of-Band Access Point (AP) Image Download feature of Cisco IOS XE... Critical Unreviewed
CVE-2025-20188 was published May 7, 2025
In Optigo Networks ONS NC600 versions 4.2.1-084 through 4.7.2-330, an attacker could connect with... Critical Unreviewed
CVE-2025-4041 was published May 6, 2025
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The... High Unreviewed
CVE-2025-32889 was published May 2, 2025
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. The... High Unreviewed
CVE-2025-32888 was published May 2, 2025
CWE-798: Use of Hard-coded Credentials Moderate Unreviewed
CVE-2025-23179 was published Apr 29, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database