GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 22,934
Composer 4,780
Erlang 36
GitHub Actions 29
Go 2,344
Maven 5,665
npm 3,973
NuGet 719
pip 3,770
Pub 12
RubyGems 923
Rust 978
Swift 38

Unreviewed advisories

All unreviewed 260,064

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

29 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

In ZKT ZKBio CVSecurity 6.4.1_R an unauthenticated attacker can craft JWT token using the... Critical Unreviewed

CVE-2025-45746 was published May 13, 2025

Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization... Critical Unreviewed

CVE-2025-30406 was published Apr 3, 2025

VyOS 1.3 through 1.5 or any Debian-based system using dropbear in combination with live-build has... Critical Unreviewed

CVE-2025-30095 was published Mar 31, 2025

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923... Critical Unreviewed

CVE-2025-27674 was published Mar 5, 2025

A use of hard-coded cryptographic key in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2... Critical Unreviewed

CVE-2023-37936 was published Jan 14, 2025

IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to... Critical Unreviewed

CVE-2024-46612 was published Sep 25, 2024

Password reset tokens are generated using an insecure source of randomness. Attackers who know... Critical Unreviewed

CVE-2024-6890 was published Aug 8, 2024

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All... Critical Unreviewed

CVE-2024-30207 was published May 14, 2024

D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This... Critical Unreviewed

CVE-2023-32169 was published May 3, 2024

SimpleMiningOS through v1259 ships with SSH host keys baked into the installation image, which... Critical Unreviewed

CVE-2019-19753 was published Apr 30, 2024

nvOC through 3.2 ships with SSH host keys baked into the installation image, which allows man-in... Critical Unreviewed

CVE-2019-19752 was published Apr 30, 2024

Intumit SmartRobot uses a fixed encryption key for authentication. Remote attackers can use this... Critical Unreviewed

CVE-2024-2413 was published Mar 13, 2024

Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard... Critical Unreviewed

CVE-2023-48392 was published Dec 15, 2023

EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key Critical Unreviewed

CVE-2023-42492 was published Oct 25, 2023

Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz -... Critical Unreviewed

CVE-2023-3632 was published Aug 9, 2023

Galaxy Software Services Vitals ESP is vulnerable to using a hard-coded encryption key. An... Critical Unreviewed

CVE-2023-37291 was published Jul 21, 2023

Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious... Critical Unreviewed

CVE-2023-2158 was published Jul 6, 2023

Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device... Critical Unreviewed

CVE-2022-2641 was published Jul 6, 2023

An authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality... Critical Unreviewed

CVE-2023-22844 was published Jul 6, 2023

AMI SPx contains a vulnerability in the BMC where an Attacker may cause a use of hard-coded... Critical Unreviewed

CVE-2023-34338 was published Jul 5, 2023

Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded... Critical Unreviewed

CVE-2022-34442 was published Jan 18, 2023

Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded... Critical Unreviewed

CVE-2022-34441 was published Jan 11, 2023

Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded... Critical Unreviewed

CVE-2022-34440 was published Jan 11, 2023

Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions... Critical Unreviewed

CVE-2022-29830 was published Nov 25, 2022

Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key. Critical Unreviewed

CVE-2021-22644 was published Jul 29, 2022

Previous 1 2 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

29 advisories