GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
228 advisories
Filter by severity
Enterprise Cloud Database developed by Ragic has a Hard-coded Cryptographic Key vulnerability,...
Critical
Unreviewed
CVE-2025-15016
was published
Dec 22, 2025
Apache StreamPark has a hard-coded encryption key
High
CVE-2025-54947
was published
for
org.apache.streampark:streampark
(Maven)
Dec 12, 2025
Authentication Bypass via Default JWT Secret in NocoBase docker-compose Deployments
Moderate
CVE-2025-13877
was published
for
@nocobase/auth
(npm)
Dec 9, 2025
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key...
Critical
Unreviewed
CVE-2025-34256
was published
Dec 5, 2025
arcade-mcp-server Has Default Hardcoded Worker Secret That Allows Full Unauthorized Access to All HTTP MCP Worker Endpoints
Moderate
CVE-2025-66454
was published
for
arcade-mcp-server
(pip)
Dec 2, 2025
Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The affected...
High
Unreviewed
CVE-2025-11781
was published
Dec 2, 2025
"FOD" App uses hard-coded cryptographic keys, which may allow a local unauthenticated attacker to...
Moderate
Unreviewed
CVE-2025-64304
was published
Nov 25, 2025
Apache Syncope's AES encryption stores hard-coded passwords in internal database
High
CVE-2025-65998
was published
for
org.apache.syncope:syncope-core
(Maven)
Nov 24, 2025
Twonky Server 8.5.2 on Linux and Windows is vulnerable to a cryptographic flaw, use of hard-coded...
High
Unreviewed
CVE-2025-13316
was published
Nov 19, 2025
AstrBot is vulnerable to RCE with hard-coded JWT signing keys
Critical
CVE-2025-55449
was published
for
astrbot
(pip)
Nov 14, 2025
Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to...
Critical
Unreviewed
CVE-2025-63289
was published
Nov 12, 2025
The Download Manager plugin for WordPress is vulnerable to unauthorized access due to a hardcoded...
Moderate
Unreviewed
CVE-2025-12177
was published
Nov 8, 2025
Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000).This issue affects BLU-IC2...
Critical
Unreviewed
CVE-2025-12599
was published
Nov 1, 2025
A private key disclosure vulnerability exists in ZTE's ZXMP M721 product. A low-privileged user...
High
Unreviewed
CVE-2025-46582
was published
Oct 27, 2025
Deck Mate 2's firmware update mechanism accepts packages without cryptographic signature...
High
Unreviewed
CVE-2025-34500
was published
Oct 25, 2025
The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization...
Moderate
Unreviewed
CVE-2025-56801
was published
Oct 21, 2025
The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt...
Moderate
Unreviewed
CVE-2025-56802
was published
Oct 21, 2025
NeuVector is shipping cryptographic material into its binary
Moderate
CVE-2025-54471
was published
for
github.com/neuvector/neuvector
(Go)
Oct 21, 2025
Agentflow developed by Flowring has an Use of Hard-coded Cryptographic Key vulnerability,...
Critical
Unreviewed
CVE-2025-11899
was published
Oct 17, 2025
desknet's NEO V4.0R1.0 to V9.0R2.0 contains a hard-coded cryptographic key, which allows an...
Moderate
Unreviewed
CVE-2025-58426
was published
Oct 16, 2025
Newforma Info Exchange (NIX) uses a hard-coded key to encrypt certain query parameters. Some...
Moderate
Unreviewed
CVE-2025-35052
was published
Oct 9, 2025
The Flock Safety DetectionProcessing com.flocksafety.android.objects application 6.35.33 for...
Critical
Unreviewed
CVE-2025-59407
was published
Oct 2, 2025
Keysight Ixia Vision has an issue with hardcoded cryptographic material
which may allow an...
High
Unreviewed
CVE-2025-24525
was published
Oct 1, 2025
Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments)...
Critical
Unreviewed
CVE-2025-34217
was published
Sep 30, 2025
The Copypress Rest API plugin for WordPress is vulnerable to Remote Code Execution via...
Critical
Unreviewed
CVE-2025-8625
was published
Sep 30, 2025
ProTip!
Advisories are also available from the
GraphQL API