Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,826
Erlang
36
GitHub Actions
32
Go
2,426
Maven
5,000+
npm
4,058
NuGet
723
pip
3,848
Pub
12
RubyGems
934
Rust
1,006
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

30 advisories

Loading
RUCKUS Network Director (RND) before 4.5 allows spoofing of an administrator JWT by an attacker... Critical Unreviewed
CVE-2025-44963 was published Aug 4, 2025
In ZKT ZKBio CVSecurity 6.4.1_R an unauthenticated attacker can craft JWT token using the... Critical Unreviewed
CVE-2025-45746 was published May 13, 2025
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded... Critical Unreviewed
CVE-2022-34441 was published Jan 11, 2023
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded... Critical Unreviewed
CVE-2022-34442 was published Jan 18, 2023
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded... Critical Unreviewed
CVE-2022-34440 was published Jan 11, 2023
Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key. Critical Unreviewed
CVE-2021-22644 was published Jul 29, 2022
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923... Critical Unreviewed
CVE-2025-27674 was published Mar 5, 2025
VyOS 1.3 through 1.5 or any Debian-based system using dropbear in combination with live-build has... Critical Unreviewed
CVE-2025-30095 was published Mar 31, 2025
Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization... Critical Unreviewed
CVE-2025-30406 was published Apr 3, 2025
nvOC through 3.2 ships with SSH host keys baked into the installation image, which allows man-in... Critical Unreviewed
CVE-2019-19752 was published Apr 30, 2024
A use of hard-coded cryptographic key in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2... Critical Unreviewed
CVE-2023-37936 was published Jan 14, 2025
Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard... Critical Unreviewed
CVE-2023-48392 was published Dec 15, 2023
Galaxy Software Services Vitals ESP is vulnerable to using a hard-coded encryption key. An... Critical Unreviewed
CVE-2023-37291 was published Jul 21, 2023
IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to... Critical Unreviewed
CVE-2024-46612 was published Sep 25, 2024
Password reset tokens are generated using an insecure source of randomness. Attackers who know... Critical Unreviewed
CVE-2024-6890 was published Aug 8, 2024
SimpleMiningOS through v1259 ships with SSH host keys baked into the installation image, which... Critical Unreviewed
CVE-2019-19753 was published Apr 30, 2024
minerstat msOS before 2019-10-23 does not have a unique SSH key for each instance of the product. Critical Unreviewed
CVE-2019-19750 was published May 24, 2022
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All... Critical Unreviewed
CVE-2024-30207 was published May 14, 2024
D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This... Critical Unreviewed
CVE-2023-32169 was published May 3, 2024
Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz -... Critical Unreviewed
CVE-2023-3632 was published Aug 9, 2023
Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious... Critical Unreviewed
CVE-2023-2158 was published Jul 6, 2023
Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device... Critical Unreviewed
CVE-2022-2641 was published Jul 6, 2023
An authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality... Critical Unreviewed
CVE-2023-22844 was published Jul 6, 2023
AMI SPx contains a vulnerability in the BMC where an Attacker may cause a use of hard-coded... Critical Unreviewed
CVE-2023-34338 was published Jul 5, 2023
Metasys? ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a hardcoded RC2 key for... Critical Unreviewed
CVE-2019-7594 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database