GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
228 advisories
Filter by severity
Flowise before 3.1.0 (affected versions 3.0.13 and earlier) uses weak hardcoded default JWT...
Critical
Unreviewed
CVE-2026-56271
was published
Jul 12, 2026
Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption with a hardcoded 142-byte static key...
Moderate
Unreviewed
CVE-2026-39031
was published
Jun 26, 2026
Unauthenticated Backdoor in Enable CORS <= 2.0.3 versions.
High
Unreviewed
CVE-2026-54833
was published
Jun 26, 2026
Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior encrypts requests...
High
Unreviewed
CVE-2026-9220
was published
Jun 26, 2026
NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass...
Critical
Unreviewed
CVE-2026-35019
was published
Jun 23, 2026
Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier
Moderate
Unreviewed
CVE-2026-9260
was published
Jun 16, 2026
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a hard-coded...
Moderate
Unreviewed
CVE-2026-34029
was published
Jun 15, 2026
The Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319,...
High
Unreviewed
CVE-2026-34022
was published
Jun 15, 2026
Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt...
Critical
Unreviewed
CVE-2026-28742
was published
Jun 12, 2026
Aqara Home Android (com.lumiunited.aqarahome) 6.0.0 (and white-label clients embedding the same...
Critical
Unreviewed
CVE-2026-50091
was published
Jun 12, 2026
The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a...
High
Unreviewed
CVE-2026-11347
was published
Jun 5, 2026
This vulnerability exists in GX Earth 2022 ONT models due to the presence of hardcoded RSA...
High
Unreviewed
CVE-2026-45433
was published
Jun 4, 2026
Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization...
Moderate
Unreviewed
CVE-2026-50226
was published
Jun 4, 2026
praisonai-platform: JWT signing key defaults to hardcoded "dev-secret-change-me", allowing token forgery for any user when PLATFORM_ENV is unset
Critical
CVE-2026-47410
was published
for
praisonai-platform
(pip)
May 29, 2026
There is a mitigation bypass / (incomplete fix) for CVE-2025-62582 (Unauthenticated Remote...
Critical
Unreviewed
CVE-2026-9642
was published
May 26, 2026
NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of...
High
Unreviewed
CVE-2026-24218
was published
May 20, 2026
HAXcms: Private Key Disclosure via Broken HMAC Implementation
Critical
CVE-2026-46395
was published
for
@haxtheweb/haxcms-nodejs
(npm)
May 19, 2026
Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz.
This issue affects Apache...
Critical
Unreviewed
CVE-2026-31986
was published
May 19, 2026
ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups...
Moderate
Unreviewed
CVE-2026-25107
was published
May 13, 2026
A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through...
Low
Unreviewed
CVE-2026-44278
was published
May 12, 2026
A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3...
High
Unreviewed
CVE-2025-40946
was published
May 12, 2026
In Meari IoT SDK builds embedded in CloudEdge 5.5.0 (build 220), Arenti 1.8.1 (build 220), and...
High
Unreviewed
CVE-2026-33362
was published
May 11, 2026
Use of Hard-coded Cryptographic Key vulnerability in WatchGuard Agent on Windows allows Inclusion...
High
Unreviewed
CVE-2026-6787
was published
May 6, 2026
This vulnerability exists in e-Sushrut due to disclosure of sensitive information and hardcoded...
High
Unreviewed
CVE-2026-42518
was published
Apr 29, 2026
Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys.
Critical
Unreviewed
CVE-2026-32644
was published
Apr 28, 2026
ProTip!
Advisories are also available from the
GraphQL API