Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

228 advisories

Loading
Apache StreamPark has a hard-coded encryption key High
CVE-2025-54947 was published for org.apache.streampark:streampark (Maven) Dec 12, 2025
Authentication Bypass via Default JWT Secret in NocoBase docker-compose Deployments Moderate
CVE-2025-13877 was published for @nocobase/auth (npm) Dec 9, 2025
H2u8s Credited to H2u8s
qi-scape Credited to qi-scape
Apache Syncope's AES encryption stores hard-coded passwords in internal database High
CVE-2025-65998 was published for org.apache.syncope:syncope-core (Maven) Nov 24, 2025
AstrBot is vulnerable to RCE with hard-coded JWT signing keys Critical
CVE-2025-55449 was published for astrbot (pip) Nov 14, 2025
Marven11 Credited to Marven11, Raven95676, and Soulter Raven95676 Raven95676
Soulter Soulter
NeuVector is shipping cryptographic material into its binary Moderate
CVE-2025-54471 was published for github.com/neuvector/neuvector (Go) Oct 21, 2025
mmalesev Credited to mmalesev
The Copypress Rest API plugin for WordPress is vulnerable to Remote Code Execution via... Critical Unreviewed
CVE-2025-8625 was published Sep 30, 2025
ProTip! Advisories are also available from the GraphQL API