Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,615
Maven
5,000+
npm
4,255
NuGet
760
pip
4,036
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

159 advisories

Loading
Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000).This issue affects BLU-IC2... Critical Unreviewed
CVE-2025-12599 was published Nov 1, 2025
A private key disclosure vulnerability exists in ZTE's ZXMP M721 product. A low-privileged user... High Unreviewed
CVE-2025-46582 was published Oct 27, 2025
Deck Mate 2's firmware update mechanism accepts packages without cryptographic signature... High Unreviewed
CVE-2025-34500 was published Oct 25, 2025
The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization... Moderate Unreviewed
CVE-2025-56801 was published Oct 21, 2025
The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt... Moderate Unreviewed
CVE-2025-56802 was published Oct 21, 2025
NeuVector is shipping cryptographic material into its binary Moderate
CVE-2025-54471 was published for github.com/neuvector/neuvector (Go) Oct 21, 2025
mmalesev
Credited to mmalesev
Agentflow developed by Flowring has an Use of Hard-coded Cryptographic Key vulnerability,... Critical Unreviewed
CVE-2025-11899 was published Oct 17, 2025
desknet's NEO V4.0R1.0 to V9.0R2.0 contains a hard-coded cryptographic key, which allows an... Moderate Unreviewed
CVE-2025-58426 was published Oct 16, 2025
Newforma Info Exchange (NIX) uses a hard-coded key to encrypt certain query parameters. Some... Moderate Unreviewed
CVE-2025-35052 was published Oct 9, 2025
The Flock Safety DetectionProcessing com.flocksafety.android.objects application 6.35.33 for... Critical Unreviewed
CVE-2025-59407 was published Oct 2, 2025
Keysight Ixia Vision has an issue with hardcoded cryptographic material which may allow an... High Unreviewed
CVE-2025-24525 was published Oct 1, 2025
Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments)... Critical Unreviewed
CVE-2025-34217 was published Sep 30, 2025
The Copypress Rest API plugin for WordPress is vulnerable to Remote Code Execution via... Critical Unreviewed
CVE-2025-8625 was published Sep 30, 2025
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and... Critical Unreviewed
CVE-2025-34234 was published Sep 29, 2025
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and... Critical Unreviewed
CVE-2025-34211 was published Sep 29, 2025
IBM Cognos Controller 11.0.0 through 11.0.1, and IBM Controller 11.1.0 through 11.1.1 could allow... Low Unreviewed
CVE-2025-36326 was published Sep 26, 2025
Unitree Go2, G1, H1, and B2 devices through 2025-09-20 decrypt BLE packet data by using the... Moderate Unreviewed
CVE-2025-60250 was published Sep 26, 2025
The use of a hard-coded cryptographic key was discovered in firmware version 3.60 of the Click... Moderate Unreviewed
CVE-2025-58069 was published Sep 24, 2025
The secret used for validating authentication tokens is hardcoded in device firmware for... Critical Unreviewed
CVE-2025-54807 was published Sep 18, 2025
Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 (and potentially earlier unsupported... High Unreviewed
CVE-2025-55112 was published Sep 16, 2025
An issue was discovered in Siklu Communications Etherhaul 8010TX and 1200FX devices, Firmware 7.4... Critical Unreviewed
CVE-2025-57174 was published Sep 15, 2025
ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a... Low Unreviewed
CVE-2025-30200 was published Sep 5, 2025
ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a... Low Unreviewed
CVE-2025-30198 was published Sep 5, 2025
An issue in Evope Core v.1.1.3.20 allows a local attacker to obtain sensitive information via the... High Unreviewed
CVE-2025-56577 was published Aug 29, 2025
The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An... Critical Unreviewed
CVE-2025-41702 was published Aug 26, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database