GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,296
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
68 advisories
Filter by severity
Flowise before 3.1.0 (affected versions 3.0.13 and earlier) uses weak hardcoded default JWT...
Critical
Unreviewed
CVE-2026-56271
was published
Jul 12, 2026
NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass...
Critical
Unreviewed
CVE-2026-35019
was published
Jun 23, 2026
Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt...
Critical
Unreviewed
CVE-2026-28742
was published
Jun 12, 2026
Aqara Home Android (com.lumiunited.aqarahome) 6.0.0 (and white-label clients embedding the same...
Critical
Unreviewed
CVE-2026-50091
was published
Jun 12, 2026
praisonai-platform: JWT signing key defaults to hardcoded "dev-secret-change-me", allowing token forgery for any user when PLATFORM_ENV is unset
Critical
CVE-2026-47410
was published
for
praisonai-platform
(pip)
May 29, 2026
There is a mitigation bypass / (incomplete fix) for CVE-2025-62582 (Unauthenticated Remote...
Critical
Unreviewed
CVE-2026-9642
was published
May 26, 2026
HAXcms: Private Key Disclosure via Broken HMAC Implementation
Critical
CVE-2026-46395
was published
for
@haxtheweb/haxcms-nodejs
(npm)
May 19, 2026
Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz.
This issue affects Apache...
Critical
Unreviewed
CVE-2026-31986
was published
May 19, 2026
Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys.
Critical
Unreviewed
CVE-2026-32644
was published
Apr 28, 2026
Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small...
Critical
Unreviewed
CVE-2025-67112
was published
Mar 19, 2026
In RUCKUS Network Director (RND) < 4.5.0.56, the OVA appliance contains hardcoded SSH keys for...
Critical
Unreviewed
CVE-2025-67305
was published
Feb 19, 2026
Calero VeraSMART versions prior to 2022 R1 use static ASP.NET/IIS machineKey values configured...
Critical
Unreviewed
CVE-2026-26335
was published
Feb 13, 2026
User credentials are stored using AES‑ECB encryption with a hardcoded key. An unauthenticated...
Critical
Unreviewed
CVE-2026-22906
was published
Feb 9, 2026
FUXA Unauthenticated Remote Code Execution via Hardcoded JWT Secret in Default Configuration
Critical
CVE-2026-25894
was published
for
fuxa-server
(npm)
Feb 5, 2026
Bambuddy Uses Hardcoded Secret Key + Many API Endpoints do not Require Authentication
Critical
CVE-2026-25505
was published
for
bambuddy
(pip)
Feb 2, 2026
Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement (CloudPages,...
Critical
Unreviewed
CVE-2026-22586
was published
Jan 24, 2026
Delta Electronics DIAView has multiple vulnerabilities.
Critical
Unreviewed
CVE-2025-62581
was published
Jan 16, 2026
Enterprise Cloud Database developed by Ragic has a Hard-coded Cryptographic Key vulnerability,...
Critical
Unreviewed
CVE-2025-15016
was published
Dec 22, 2025
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key...
Critical
Unreviewed
CVE-2025-34256
was published
Dec 5, 2025
AstrBot is vulnerable to RCE with hard-coded JWT signing keys
Critical
CVE-2025-55449
was published
for
astrbot
(pip)
Nov 14, 2025
Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to...
Critical
Unreviewed
CVE-2025-63289
was published
Nov 12, 2025
Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000).This issue affects BLU-IC2...
Critical
Unreviewed
CVE-2025-12599
was published
Nov 1, 2025
Agentflow developed by Flowring has an Use of Hard-coded Cryptographic Key vulnerability,...
Critical
Unreviewed
CVE-2025-11899
was published
Oct 17, 2025
The Flock Safety DetectionProcessing com.flocksafety.android.objects application 6.35.33 for...
Critical
Unreviewed
CVE-2025-59407
was published
Oct 2, 2025
Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments)...
Critical
Unreviewed
CVE-2025-34217
was published
Sep 30, 2025
ProTip!
Advisories are also available from the
GraphQL API