GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 23,948
Composer 4,873
Erlang 37
GitHub Actions 36
Go 2,519
Maven 5,959
npm 4,156
NuGet 736
pip 3,956
Pub 12
RubyGems 946
Rust 1,026
Swift 39

Unreviewed advisories

All unreviewed 270,233

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

608 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951 and... Critical Unreviewed

CVE-2025-34198 was published Sep 19, 2025

The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to... Critical Unreviewed

CVE-2024-9643 was published Feb 4, 2025

The BeyondCart Connector plugin for WordPress is vulnerable to Privilege Escalation due to... Critical Unreviewed

CVE-2025-8570 was published Sep 11, 2025

PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default... Critical Unreviewed

CVE-2025-35451 was published Sep 5, 2025

PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use default, shared credentials... Critical Unreviewed

CVE-2025-35452 was published Sep 5, 2025

Clinic Image System developed by Changing contains hard-coded Credentials, allowing... Critical Unreviewed

CVE-2025-8857 was published Aug 29, 2025

An high privileged remote attacker can enable telnet access that accepts hardcoded credentials. Critical Unreviewed

CVE-2024-28751 was published Jul 9, 2024

Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by... Critical Unreviewed

CVE-2025-43982 was published Aug 13, 2025

Gessler GmbH WEB-MASTER has a restoration account that uses weak hard coded credentials and if... Critical Unreviewed

CVE-2024-1039 was published Feb 2, 2024

Tigo Energy's Cloud Connect Advanced (CCA) device contains hard-coded credentials that allow... Critical Unreviewed

CVE-2025-7768 was published Aug 6, 2025

Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a hardcoded... Critical Unreviewed

CVE-2025-51536 was published Aug 4, 2025

An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. All dashcams were shipped with... Critical Unreviewed

CVE-2025-30125 was published Jul 28, 2025

Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows... Critical Unreviewed

CVE-2025-54455 was published Jul 23, 2025

Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows... Critical Unreviewed

CVE-2025-54454 was published Jul 23, 2025

A hardcoded secret in Ivanti DSM before 2024.2 allows an authenticated attacker on an adjacent... Critical Unreviewed

CVE-2024-38648 was published Jul 12, 2025

An OEM IP camera manufactured by Shenzhen Liandian Communication Technology LTD exposes a Telnet... Critical Unreviewed

CVE-2025-7503 was published Jul 11, 2025

The Premium Age Verification / Restriction for WordPress plugin for WordPress is vulnerable to... Critical Unreviewed

CVE-2025-7401 was published Jul 11, 2025

A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded... Critical Unreviewed

CVE-2025-34034 was published Jun 26, 2025

Hard-coded login credentials were found in HPE Networking Instant On Access Points, allowing... Critical Unreviewed

CVE-2025-37103 was published Jul 8, 2025

ENENSYS IPGuard v2 2.10.0 was discovered to contain hardcoded credentials. Critical Unreviewed

CVE-2025-45813 was published Jul 2, 2025

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified... Critical Unreviewed

CVE-2025-20309 was published Jul 2, 2025

Root user password is hardcoded into the device and cannot be changed in the user interface. Critical Unreviewed

CVE-2023-49253 was published Jan 12, 2024

D-Link DPH-400S/SE VoIP Phone v1.01 contains hardcoded provisioning variables, including... Critical Unreviewed

CVE-2025-45784 was published Jun 18, 2025

OpenC3 COSMOS v6.0.0 was discovered to contain hardcoded credentials for the Service Account. Critical Unreviewed

CVE-2025-28388 was published Jun 13, 2025

A predefined administrative account is not documented and cannot be deactivated. This account... Critical Unreviewed

CVE-2025-3321 was published Jun 6, 2025

Previous1…25 Next

Previous 1 2 3 4 5 … 24 25 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

608 advisories