GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
35 advisories
Filter by severity
Keycloak Build Process Exposes Sensitive Data
High
CVE-2024-10451
was published
for
org.keycloak:keycloak-quarkus-server
(Maven)
Nov 25, 2024
Duplicate Advisory: Keycloak Build Process Exposes Sensitive Data
Moderate
GHSA-jcgg-mg9g-p9wf
was published
for
org.keycloak:keycloak-quarkus-server
(Maven)
Nov 25, 2024
•
withdrawn
VM images built with Image Builder and Proxmox provider use default credentials in github.com/kubernetes-sigs/image-builder
Critical
CVE-2024-9486
was published
for
github.com/kubernetes-sigs/image-builder
(Go)
Oct 15, 2024
VM images built with Image Builder with some providers use default credentials during builds in github.com/kubernetes-sigs/image-builder
Moderate
CVE-2024-9594
was published
for
github.com/kubernetes-sigs/image-builder
(Go)
Oct 15, 2024
Dragonfly2 has hard coded cyptographic key
Critical
CVE-2023-27584
was published
for
d7y.io/dragonfly/v2
(Go)
Sep 19, 2024
Apache Submarine Commons Utils has a hard-coded secret
Moderate
CVE-2024-36264
was published
for
apache-submarine
(Maven)
Jun 12, 2024
Hard-coded credentials in org.folio:mod-data-export-spring
Critical
CVE-2024-23687
was published
for
org.folio:mod-data-export-spring
(Maven)
Jan 20, 2024
Hard-coded credentials in org.folio:mod-remote-storage
Moderate
CVE-2024-23685
was published
for
org.folio:mod-remote-storage
(Maven)
Jan 19, 2024
EverShop at risk to unauthorized access via weak HMAC secret
Critical
CVE-2023-46943
was published
for
@evershop/evershop
(npm)
Jan 13, 2024
Apprite CLI makes Use of Hard-coded Credentials
Moderate
CVE-2023-50974
was published
for
appwrite
(npm)
Jan 9, 2024
Dromara Lamp-Cloud Use of Hard-coded Cryptographic Key
High
CVE-2023-31579
was published
for
top.tangyh.basic:lamp-core
(Maven)
Nov 3, 2023
Sureness uses hardcoded key
Critical
CVE-2023-31581
was published
for
com.usthe.sureness:sureness-core
(Maven)
Oct 25, 2023
Microweber uses hard coded credentials
Moderate
CVE-2023-5318
was published
for
microweber/microweber
(Composer)
Sep 30, 2023
Netmaker has Hardcoded DNS Secret Key
High
CVE-2023-32077
was published
for
github.com/gravitl/netmaker
(Go)
Aug 25, 2023
@nuxtlabs/github-module made Use of Hard-coded Credentials
Critical
CVE-2023-2138
was published
for
@nuxtlabs/github-module
(npm)
Apr 18, 2023
Easy!Appointments uses hard-coded credentials
Critical
CVE-2023-1269
was published
for
alextselegidis/easyappointments
(Composer)
Mar 8, 2023
Update share links to use FRP instead of SSH tunneling
Moderate
CVE-2023-25823
was published
for
gradio
(pip)
Feb 23, 2023
KubePi allows malicious actor to login with a forged JWT token via Hardcoded Jwtsigkeys
Critical
CVE-2023-22463
was published
for
github.com/KubeOperator/kubepi
(Go)
Jan 6, 2023
FlyteAdmin's Default OAuth Authorization Server secret must be rotated
High
CVE-2022-39273
was published
for
github.com/flyteorg/flyteadmin
(Go)
Oct 5, 2022
Use of Hard-coded Credentials in AgileConfig.Client
Critical
CVE-2022-35540
was published
for
AgileConfig.Client
(NuGet)
Aug 19, 2022
Use of Hard-coded Credentials in Nacos
High
CVE-2021-43116
was published
for
com.alibaba.nacos:nacos-client
(Maven)
Jul 6, 2022
AdaptiveScale LXDUI Hardcoded JWT Secret Key
Critical
CVE-2021-40494
was published
for
lxdui
(pip)
May 24, 2022
ThinkAdmin Admin Panel Access using Default Credentials
High
CVE-2020-35296
was published
for
zoujingli/thinkadmin
(Composer)
May 24, 2022
keycloak vulnerable to unauthorized login via mail server setup
Critical
CVE-2019-14837
was published
for
org.keycloak:keycloak-core
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API