GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,369
Composer 4,373
Erlang 33
GitHub Actions 22
Go 2,135
Maven 5,313
npm 3,797
NuGet 687
pip 3,478
Pub 12
RubyGems 896
Rust 897
Swift 38

Unreviewed advisories

All unreviewed 245,374

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

560 advisories

Filter by severity

Sort by

Least recently updated

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5... Critical Unreviewed

CVE-2023-28503 was published Mar 29, 2023

All versions of the qBittorrent client through 4.5.5 use default credentials when the web user... Critical Unreviewed

CVE-2023-30801 was published Oct 10, 2023

The firmware of all Wattsense Bridge devices contain the same hard-coded user and root... Critical Unreviewed

CVE-2025-26410 was published Feb 11, 2025

Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h, and Forever... Critical Unreviewed

CVE-2024-36556 was published Feb 6, 2025

Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB... Critical Unreviewed

CVE-2024-51547 was published Feb 6, 2025

EasyVirt DCScope <=8.6.0 and CO2Scope <=1.3.0 are vulnerable to privilege escalation as the... Critical Unreviewed

CVE-2024-53356 was published Feb 1, 2025

A use of hard-coded cryptographic key in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2... Critical Unreviewed

CVE-2023-37936 was published Jan 14, 2025

INPRAX "iZZi connect" application on Android contains hard-coded MQTT queue credentials. The same... Critical Unreviewed

CVE-2024-0390 was published Feb 15, 2024

HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain hardcoded credentials for access to... Critical Unreviewed

CVE-2024-48126 was published Jan 15, 2025

Use of a hard-coded password for a database administrator account created during Wapro ERP... Critical Unreviewed

CVE-2024-4996 was published Dec 18, 2024

ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardcoded key for symmetric... Critical Unreviewed

CVE-2024-55557 was published Dec 16, 2024

Snap One OvrC Pro versions prior to 7.2 have their own locally... Critical Unreviewed

CVE-2023-31240 was published May 22, 2023

Ubiquiti U6-LR 6.6.65 was discovered to contain a hardcoded password vulnerability in /etc/shadow... Critical Unreviewed

CVE-2024-54750 was published Dec 6, 2024

Ever Traduora 0.20.0 and below is vulnerable to Privilege Escalation due to the use of a hard... Critical Unreviewed

CVE-2024-53484 was published Dec 2, 2024

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials,... Critical Unreviewed

CVE-2024-49805 was published Nov 29, 2024

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials,... Critical Unreviewed

CVE-2024-49806 was published Nov 29, 2024

The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability,... Critical Unreviewed

CVE-2024-28987 was published Aug 22, 2024

There are several hidden accounts. Some of them are intended for maintenance engineers, and with... Critical Unreviewed

CVE-2024-35244 was published Nov 26, 2024

API keys for some cloud services are hardcoded in the "main" binary. As for the details of... Critical Unreviewed

CVE-2024-36248 was published Nov 26, 2024

Allegra Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows... Critical Unreviewed

CVE-2023-51638 was published Nov 22, 2024

The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is... Critical Unreviewed

CVE-2024-42450 was published Nov 19, 2024

EverShop at risk to unauthorized access via weak HMAC secret Critical

CVE-2023-46943 was published for @evershop/evershop (npm) Jan 13, 2024

The Clinician Password and Serial Number Clinician Password are hard-coded into the ventilator in... Critical Unreviewed

CVE-2024-48971 was published Nov 15, 2024

VM images built with Image Builder and Proxmox provider use default credentials in github.com/kubernetes-sigs/image-builder Critical

CVE-2024-9486 was published for github.com/kubernetes-sigs/image-builder (Go) Oct 15, 2024

LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily... Critical Unreviewed

CVE-2024-51431 was published Nov 1, 2024

Previous 1 2 3 4 5 … 22 23 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

560 advisories