GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
29 advisories
Filter by severity
AdaptiveScale LXDUI Hardcoded JWT Secret Key
Critical
CVE-2021-40494
was published
for
lxdui
(pip)
May 24, 2022
Apache Submarine Commons Utils has a hard-coded secret
Moderate
CVE-2024-36264
was published
for
apache-submarine
(Maven)
Jun 12, 2024
Dragonfly2 has hard coded cyptographic key
Critical
CVE-2023-27584
was published
for
d7y.io/dragonfly/v2
(Go)
Sep 19, 2024
Update share links to use FRP instead of SSH tunneling
Moderate
CVE-2023-25823
was published
for
gradio
(pip)
Feb 23, 2023
Django user with hardcoded password created when running tests on Oracle
Critical
CVE-2016-9013
was published
for
Django
(pip)
May 17, 2022
Apprite CLI makes Use of Hard-coded Credentials
Moderate
CVE-2023-50974
was published
for
appwrite
(npm)
Jan 9, 2024
EverShop at risk to unauthorized access via weak HMAC secret
High
CVE-2023-46943
was published
for
@evershop/evershop
(npm)
Jan 13, 2024
FlyteAdmin's Default OAuth Authorization Server secret must be rotated
High
CVE-2022-39273
was published
for
github.com/flyteorg/flyteadmin
(Go)
Oct 5, 2022
Incorrect handling of credential expiry by /nats-io/nats-server
Critical
CVE-2020-26892
was published
for
github.com/nats-io/jwt
(Go)
Feb 11, 2022
ThinkAdmin Admin Panel Access using Default Credentials
High
CVE-2020-35296
was published
for
zoujingli/thinkadmin
(Composer)
May 24, 2022
Katello uses hard coded credential
Critical
CVE-2012-3503
was published
for
katello
(RubyGems)
May 17, 2022
Hard-coded credentials in org.folio:mod-remote-storage
Moderate
CVE-2024-23685
was published
for
org.folio:mod-remote-storage
(Maven)
Jan 19, 2024
Hard-coded credentials in org.folio:mod-data-export-spring
Critical
CVE-2024-23687
was published
for
org.folio:mod-data-export-spring
(Maven)
Jan 20, 2024
@nuxtlabs/github-module made Use of Hard-coded Credentials
Critical
CVE-2023-2138
was published
for
@nuxtlabs/github-module
(npm)
Apr 18, 2023
Sureness uses hardcoded key
Critical
CVE-2023-31581
was published
for
com.usthe.sureness:sureness-core
(Maven)
Oct 25, 2023
Dromara Lamp-Cloud Use of Hard-coded Cryptographic Key
High
CVE-2023-31579
was published
for
top.tangyh.basic:lamp-core
(Maven)
Nov 3, 2023
Netmaker has Hardcoded DNS Secret Key
High
CVE-2023-32077
was published
for
github.com/gravitl/netmaker
(Go)
Aug 25, 2023
keycloak vulnerable to unauthorized login via mail server setup
Critical
CVE-2019-14837
was published
for
org.keycloak:keycloak-core
(Maven)
May 24, 2022
Microweber uses hard coded credentials
Moderate
CVE-2023-5318
was published
for
microweber/microweber
(Composer)
Sep 30, 2023
Hard coded cryptographic key in Kiali
High
CVE-2020-1764
was published
for
github.com/kiali/kiali
(Go)
May 18, 2021
web2py remote code execution via hardcoded encryption key in session.connect function
Critical
CVE-2016-3953
was published
for
web2py
(pip)
May 14, 2022
Use of Hard-coded Credentials in Apache Kylin
High
CVE-2021-45458
was published
for
org.apache.kylin:kylin
(Maven)
Jan 8, 2022
Use of Hard-coded Credentials in Nacos
High
CVE-2021-43116
was published
for
com.alibaba.nacos:nacos-client
(Maven)
Jul 6, 2022
Easy!Appointments uses hard-coded credentials
Critical
CVE-2023-1269
was published
for
alextselegidis/easyappointments
(Composer)
Mar 8, 2023
Use of Hard-coded Cryptographic Key in Netmaker
High
CVE-2022-23650
was published
for
github.com/gravitl/netmaker
(Go)
Feb 22, 2022
ProTip!
Advisories are also available from the
GraphQL API