GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,522 advisories
The Aqara IAM/SSO Gateway (gw-builder.aqara.com) used a hardcoded OAuth client credential, which...
Critical · Unreviewed
CVE-2026-50083 was published Jun 12, 2026

The Yarbo Android and iOS applications contain hard-coded MQTT broker credentials that are...
Critical · Unreviewed
CVE-2026-10557 was published Jun 12, 2026

The iRM-IEI Remote Management developed by IEI Integration Corp has a Hardcoded Credentials...
Critical · Unreviewed
CVE-2026-11849 was published Jun 12, 2026

Go Restful API Boilerplate: Hardcoded JWT Secret "random" Allows Token Forgery
Critical
CVE-2026-48031 was published for github.com/dhax/go-base (Go) Jun 10, 2026

NetMan 204 contains a hard-coded backdoor account with the username and password 'eurek' that...
Critical · Unreviewed
CVE-2025-71317 was published Jun 5, 2026

NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows...
Moderate · Unreviewed
CVE-2026-21404 was published Jun 4, 2026

The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets,...
High · Unreviewed
CVE-2026-50213 was published Jun 4, 2026

Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking...
Moderate · Unreviewed
CVE-2026-49204 was published Jun 4, 2026

Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in...
High · Unreviewed
CVE-2026-8876 was published Jun 3, 2026

Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 encrypts configuration backups...
High · Unreviewed
CVE-2026-36606 was published Jun 3, 2026

Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 contains hardcoded WiFi driver...
Moderate · Unreviewed
CVE-2026-36616 was published Jun 3, 2026

Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) contain hard...
High · Unreviewed
CVE-2019-25722 was published Jun 2, 2026

Use of hard-coded credentials in KS-SOMED allowed an unauthorized attacker access to FTP server...
High · Unreviewed
CVE-2026-42251 was published Jun 1, 2026

The PDBM application relies on a static, hard-coded secret embedded in the PDBM.exe executable....
Moderate · Unreviewed
CVE-2026-25600 was published Jun 1, 2026

Hardcoded credentials in the Basic Authentication setup tool (bin/solr auth enable) in Apache...
High · Unreviewed
CVE-2026-44825 was published Jun 1, 2026

praisonai-platform: JWT signing key defaults to hardcoded "dev-secret-change-me", allowing token forgery for any user when PLATFORM_ENV is unset
Critical
CVE-2026-47410 was published for praisonai-platform (pip) May 29, 2026

Danelec MacGregor Voyage Data Recorder includes default accounts with hard-coded credentials.
High · Unreviewed
CVE-2026-42929 was published May 29, 2026

AgenticMail API/storage and outbound relay hardening fixes
High
CVE-2026-47255 was published for @agenticmail/api (npm) May 29, 2026

Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device...
Critical · Unreviewed
CVE-2026-7786 was published May 29, 2026

The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES...
Critical · Unreviewed
CVE-2026-49201 was published May 29, 2026

SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9_B9 contain a hardcoded...
Critical · Unreviewed
CVE-2026-24444 was published May 28, 2026

IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credentials, such as a...
High · Unreviewed
CVE-2026-5065 was published May 27, 2026

Netis AC1200 Router NC21 V4.0.1.4296 contains a hard-coded root credential stored in /etc/shadow...
High · Unreviewed
CVE-2026-36538 was published May 27, 2026

Open ISES Tickets before 3.44.2 embeds a hardcoded Google Maps API key in settings.inc.php that...
Moderate · Unreviewed
CVE-2026-48244 was published May 21, 2026

Open ISES Tickets before 3.44.2 embeds a hardcoded Google Maps API key in tables.php that is...
Moderate · Unreviewed
CVE-2026-48245 was published May 21, 2026