GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,300
Composer 4,359
Erlang 33
GitHub Actions 22
Go 2,124
Maven 5,300
npm 3,787
NuGet 683
pip 3,467
Pub 12
RubyGems 894
Rust 892
Swift 38

Unreviewed advisories

All unreviewed 244,584

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

95 advisories

Filter by severity

Sort by

Least recently updated

Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP... High Unreviewed

CVE-2024-33891 was published Apr 29, 2024

A CWE-321 "Use of Hard-coded Cryptographic Key" in the JWT signing in Q-Free MaxTime less than or... High Unreviewed

CVE-2025-26340 was published Feb 12, 2025

A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before... Moderate Unreviewed

CVE-2024-13842 was published Feb 11, 2025

A use of hard-coded cryptographic key to encrypt sensitive data vulnerability [CWE-321] in... Moderate Unreviewed

CVE-2024-33504 was published Feb 11, 2025

SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the... Moderate Unreviewed

CVE-2024-28989 was published Feb 11, 2025

An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to... High Unreviewed

CVE-2024-52881 was published Feb 7, 2025

The TP-Link Tapo C500 V1 and V2 are a pan-and-tilt outdoor Wi-Fi security cameras designed for... High Unreviewed

CVE-2025-1099 was published Feb 10, 2025

Successful exploitation of this vulnerability could allow an attacker (who needs to have Admin... Moderate Unreviewed

CVE-2024-47256 was published Feb 6, 2025

A use of hard-coded cryptographic key in Fortinet FortiClientWindows version 7.4.0, 7.2.x all... Low Unreviewed

CVE-2024-50564 was published Jan 14, 2025

A use of hard-coded cryptographic key in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2... Critical Unreviewed

CVE-2023-37936 was published Jan 14, 2025

ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT... Moderate Unreviewed

CVE-2024-12078 was published Jan 23, 2025

A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE... Moderate Unreviewed

CVE-2023-44318 was published Nov 14, 2023

Logsign Unified SecOps Platform HTTP API Hard-coded Cryptographic Key Remote Code Execution... High Unreviewed

CVE-2024-5722 was published Nov 22, 2024

Use of hard-coded cryptographic key issue exists in AIPHONE IX SYSTEM, IXG SYSTEM, and System... Moderate Unreviewed

CVE-2024-45837 was published Nov 22, 2024

Use of hard-coded cryptographic key issue exists in "Kura Sushi Official App Produced by EPARK"... Moderate Unreviewed

CVE-2024-52614 was published Nov 20, 2024

The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt... Moderate Unreviewed

CVE-2024-11308 was published Nov 18, 2024

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected... Moderate Unreviewed

CVE-2024-46889 was published Nov 12, 2024

AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific... Moderate Unreviewed

CVE-2023-21404 was published May 8, 2023

HiveOS through 0.6-102@191212 ships with SSH host keys baked into the installation image, which... Moderate Unreviewed

CVE-2019-19754 was published Apr 30, 2024

A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with... Moderate Unreviewed

CVE-2024-20280 was published Oct 16, 2024

A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may... Moderate Unreviewed

CVE-2023-39982 was published Sep 2, 2023

IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information... Moderate Unreviewed

CVE-2024-38314 was published Oct 24, 2024

Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard... Critical Unreviewed

CVE-2023-48392 was published Dec 15, 2023

Galaxy Software Services Vitals ESP is vulnerable to using a hard-coded encryption key. An... Critical Unreviewed

CVE-2023-37291 was published Jul 21, 2023

It is possible to download the configuration backup without authorization and decrypt included... High Unreviewed

CVE-2023-49256 was published Jan 12, 2024

Previous 1 2 3 4 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

95 advisories