GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
58 advisories
Filter by severity
Flowise before 3.1.0 (affected versions 3.0.13 and earlier) uses weak hardcoded default JWT...
Critical
Unreviewed
CVE-2026-56271
was published
Jul 12, 2026
NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass...
Critical
Unreviewed
CVE-2026-35019
was published
Jun 23, 2026
Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt...
Critical
Unreviewed
CVE-2026-28742
was published
Jun 12, 2026
Aqara Home Android (com.lumiunited.aqarahome) 6.0.0 (and white-label clients embedding the same...
Critical
Unreviewed
CVE-2026-50091
was published
Jun 12, 2026
There is a mitigation bypass / (incomplete fix) for CVE-2025-62582 (Unauthenticated Remote...
Critical
Unreviewed
CVE-2026-9642
was published
May 26, 2026
Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz.
This issue affects Apache...
Critical
Unreviewed
CVE-2026-31986
was published
May 19, 2026
Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys.
Critical
Unreviewed
CVE-2026-32644
was published
Apr 28, 2026
Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small...
Critical
Unreviewed
CVE-2025-67112
was published
Mar 19, 2026
In RUCKUS Network Director (RND) < 4.5.0.56, the OVA appliance contains hardcoded SSH keys for...
Critical
Unreviewed
CVE-2025-67305
was published
Feb 19, 2026
Calero VeraSMART versions prior to 2022 R1 use static ASP.NET/IIS machineKey values configured...
Critical
Unreviewed
CVE-2026-26335
was published
Feb 13, 2026
User credentials are stored using AES‑ECB encryption with a hardcoded key. An unauthenticated...
Critical
Unreviewed
CVE-2026-22906
was published
Feb 9, 2026
Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement (CloudPages,...
Critical
Unreviewed
CVE-2026-22586
was published
Jan 24, 2026
Delta Electronics DIAView has multiple vulnerabilities.
Critical
Unreviewed
CVE-2025-62581
was published
Jan 16, 2026
Enterprise Cloud Database developed by Ragic has a Hard-coded Cryptographic Key vulnerability,...
Critical
Unreviewed
CVE-2025-15016
was published
Dec 22, 2025
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key...
Critical
Unreviewed
CVE-2025-34256
was published
Dec 5, 2025
Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to...
Critical
Unreviewed
CVE-2025-63289
was published
Nov 12, 2025
Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000).This issue affects BLU-IC2...
Critical
Unreviewed
CVE-2025-12599
was published
Nov 1, 2025
Agentflow developed by Flowring has an Use of Hard-coded Cryptographic Key vulnerability,...
Critical
Unreviewed
CVE-2025-11899
was published
Oct 17, 2025
The Flock Safety DetectionProcessing com.flocksafety.android.objects application 6.35.33 for...
Critical
Unreviewed
CVE-2025-59407
was published
Oct 2, 2025
Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments)...
Critical
Unreviewed
CVE-2025-34217
was published
Sep 30, 2025
The Copypress Rest API plugin for WordPress is vulnerable to Remote Code Execution via...
Critical
Unreviewed
CVE-2025-8625
was published
Sep 30, 2025
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and...
Critical
Unreviewed
CVE-2025-34234
was published
Sep 29, 2025
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and...
Critical
Unreviewed
CVE-2025-34211
was published
Sep 29, 2025
The secret used for validating authentication tokens is hardcoded in
device firmware for...
Critical
Unreviewed
CVE-2025-54807
was published
Sep 18, 2025
An issue was discovered in Siklu Communications Etherhaul 8010TX and 1200FX devices, Firmware 7.4...
Critical
Unreviewed
CVE-2025-57174
was published
Sep 15, 2025
ProTip!
Advisories are also available from the
GraphQL API