GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
32 advisories
Filter by severity
Hard-Coded Key Used For Remember-me Token in Opencast
Moderate
CVE-2020-5222
was published
for
org.opencastproject:opencast-kernel
(Maven)
Jan 30, 2020
Hard coded cryptographic key in Kiali
High
CVE-2020-1764
was published
for
github.com/kiali/kiali
(Go)
May 18, 2021
Use of Hard-coded Credentials in Apache Kylin
High
CVE-2021-45458
was published
for
org.apache.kylin:kylin
(Maven)
Jan 8, 2022
Incorrect handling of credential expiry by /nats-io/nats-server
Critical
CVE-2020-26892
was published
for
github.com/nats-io/jwt
(Go)
Feb 11, 2022
Use of Hard-coded Cryptographic Key in Netmaker
High
CVE-2022-23650
was published
for
github.com/gravitl/netmaker
(Go)
Feb 22, 2022
Hard coded credentials in FreeTAKServer
High
CVE-2022-25510
was published
for
FreeTAKServer
(pip)
Mar 12, 2022
web2py remote code execution via hardcoded encryption key in session.connect function
Critical
CVE-2016-3953
was published
for
web2py
(pip)
May 14, 2022
Django user with hardcoded password created when running tests on Oracle
Critical
CVE-2016-9013
was published
for
Django
(pip)
May 17, 2022
Katello uses hard coded credential
Critical
CVE-2012-3503
was published
for
katello
(RubyGems)
May 17, 2022
keycloak vulnerable to unauthorized login via mail server setup
Critical
CVE-2019-14837
was published
for
org.keycloak:keycloak-core
(Maven)
May 24, 2022
ThinkAdmin Admin Panel Access using Default Credentials
High
CVE-2020-35296
was published
for
zoujingli/thinkadmin
(Composer)
May 24, 2022
AdaptiveScale LXDUI Hardcoded JWT Secret Key
Critical
CVE-2021-40494
was published
for
lxdui
(pip)
May 24, 2022
Use of Hard-coded Credentials in Nacos
High
CVE-2021-43116
was published
for
com.alibaba.nacos:nacos-client
(Maven)
Jul 6, 2022
Use of Hard-coded Credentials in AgileConfig.Client
Critical
CVE-2022-35540
was published
for
AgileConfig.Client
(NuGet)
Aug 19, 2022
FlyteAdmin's Default OAuth Authorization Server secret must be rotated
High
CVE-2022-39273
was published
for
github.com/flyteorg/flyteadmin
(Go)
Oct 5, 2022
KubePi allows malicious actor to login with a forged JWT token via Hardcoded Jwtsigkeys
Critical
CVE-2023-22463
was published
for
github.com/KubeOperator/kubepi
(Go)
Jan 6, 2023
Update share links to use FRP instead of SSH tunneling
Moderate
CVE-2023-25823
was published
for
gradio
(pip)
Feb 23, 2023
Easy!Appointments uses hard-coded credentials
Critical
CVE-2023-1269
was published
for
alextselegidis/easyappointments
(Composer)
Mar 8, 2023
@nuxtlabs/github-module made Use of Hard-coded Credentials
Critical
CVE-2023-2138
was published
for
@nuxtlabs/github-module
(npm)
Apr 18, 2023
Netmaker has Hardcoded DNS Secret Key
High
CVE-2023-32077
was published
for
github.com/gravitl/netmaker
(Go)
Aug 25, 2023
Microweber uses hard coded credentials
Moderate
CVE-2023-5318
was published
for
microweber/microweber
(Composer)
Sep 30, 2023
Sureness uses hardcoded key
Critical
CVE-2023-31581
was published
for
com.usthe.sureness:sureness-core
(Maven)
Oct 25, 2023
Dromara Lamp-Cloud Use of Hard-coded Cryptographic Key
High
CVE-2023-31579
was published
for
top.tangyh.basic:lamp-core
(Maven)
Nov 3, 2023
Apprite CLI makes Use of Hard-coded Credentials
Moderate
CVE-2023-50974
was published
for
appwrite
(npm)
Jan 9, 2024
EverShop at risk to unauthorized access via weak HMAC secret
Critical
CVE-2023-46943
was published
for
@evershop/evershop
(npm)
Jan 13, 2024
ProTip!
Advisories are also available from the
GraphQL API