GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
170 advisories
Authentication Bypass via Default JWT Secret in NocoBase docker-compose Deployments
Moderate | CVE-2025-13877 was published for @nocobase/auth (npm) | Dec 9, 2025

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key...
Critical | Unreviewed | CVE-2025-34256 was published | Dec 5, 2025

arcade-mcp-server Has Default Hardcoded Worker Secret That Allows Full Unauthorized Access to All HTTP MCP Worker Endpoints
Moderate | CVE-2025-66454 was published for arcade-mcp-server (pip) | Dec 2, 2025

Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The affected...
High | Unreviewed | CVE-2025-11781 was published | Dec 2, 2025

"FOD" App uses hard-coded cryptographic keys, which may allow a local unauthenticated attacker to...
Moderate | Unreviewed | CVE-2025-64304 was published | Nov 25, 2025

Apache Syncope's AES encryption stores hard-coded passwords in internal database
High | CVE-2025-65998 was published for org.apache.syncope:syncope-core (Maven) | Nov 24, 2025

Twonky Server 8.5.2 on Linux and Windows is vulnerable to a cryptographic flaw, use of hard-coded...
High | Unreviewed | CVE-2025-13316 was published | Nov 19, 2025

Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to...
Critical | Unreviewed | CVE-2025-63289 was published | Nov 12, 2025

The Download Manager plugin for WordPress is vulnerable to unauthorized access due to a hardcoded...
Moderate | Unreviewed | CVE-2025-12177 was published | Nov 8, 2025

Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000). This issue affects BLU-IC2...
Critical | Unreviewed | CVE-2025-12599 was published | Nov 1, 2025

A private key disclosure vulnerability exists in ZTE's ZXMP M721 product. A low-privileged user...
High | Unreviewed | CVE-2025-46582 was published | Oct 27, 2025

Deck Mate 2's firmware update mechanism accepts packages without cryptographic signature...
High | Unreviewed | CVE-2025-34500 was published | Oct 25, 2025

The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization...
Moderate | Unreviewed | CVE-2025-56801 was published | Oct 21, 2025

The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt...
Moderate | Unreviewed | CVE-2025-56802 was published | Oct 21, 2025

NeuVector is shipping cryptographic material into its binary
Moderate | CVE-2025-54471 was published for github.com/neuvector/neuvector (Go) | Oct 21, 2025

Agentflow developed by Flowring has a Use of Hard-coded Cryptographic Key vulnerability,...
Critical | Unreviewed | CVE-2025-11899 was published | Oct 17, 2025

desknet's NEO V4.0R1.0 to V9.0R2.0 contains a hard-coded cryptographic key, which allows an...
Moderate | Unreviewed | CVE-2025-58426 was published | Oct 16, 2025

Newforma Info Exchange (NIX) uses a hard-coded key to encrypt certain query parameters. Some...
Moderate | Unreviewed | CVE-2025-35052 was published | Oct 9, 2025

The Flock Safety DetectionProcessing com.flocksafety.android.objects application 6.35.33 for...
Critical | Unreviewed | CVE-2025-59407 was published | Oct 2, 2025

Keysight Ixia Vision has an issue with hardcoded cryptographic material which may allow an...
High | Unreviewed | CVE-2025-24525 was published | Oct 1, 2025

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments)...
Critical | Unreviewed | CVE-2025-34217 was published | Sep 30, 2025

The Copypress Rest API plugin for WordPress is vulnerable to Remote Code Execution via...
Critical | Unreviewed | CVE-2025-8625 was published | Sep 30, 2025

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and...
Critical | Unreviewed | CVE-2025-34234 was published | Sep 29, 2025

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and...
Critical | Unreviewed | CVE-2025-34211 was published | Sep 29, 2025

IBM Cognos Controller 11.0.0 through 11.0.1, and IBM Controller 11.1.0 through 11.1.1 could allow...
Low | Unreviewed | CVE-2025-36326 was published | Sep 26, 2025