GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
35 advisories
Filter by severity
Keycloak Build Process Exposes Sensitive Data
High
CVE-2024-10451
was published
for
org.keycloak:keycloak-quarkus-server
(Maven)
Nov 25, 2024
Hard coded credentials in FreeTAKServer
High
CVE-2022-25510
was published
for
FreeTAKServer
(pip)
Mar 12, 2022
Duplicate Advisory: Keycloak Build Process Exposes Sensitive Data
Moderate
GHSA-jcgg-mg9g-p9wf
was published
for
org.keycloak:keycloak-quarkus-server
(Maven)
Nov 25, 2024
•
withdrawn
EverShop at risk to unauthorized access via weak HMAC secret
Critical
CVE-2023-46943
was published
for
@evershop/evershop
(npm)
Jan 13, 2024
VM images built with Image Builder and Proxmox provider use default credentials in github.com/kubernetes-sigs/image-builder
Critical
CVE-2024-9486
was published
for
github.com/kubernetes-sigs/image-builder
(Go)
Oct 15, 2024
VM images built with Image Builder with some providers use default credentials during builds in github.com/kubernetes-sigs/image-builder
Moderate
CVE-2024-9594
was published
for
github.com/kubernetes-sigs/image-builder
(Go)
Oct 15, 2024
Apache Submarine Commons Utils has a hard-coded secret
Moderate
CVE-2024-36264
was published
for
apache-submarine
(Maven)
Jun 12, 2024
AdaptiveScale LXDUI Hardcoded JWT Secret Key
Critical
CVE-2021-40494
was published
for
lxdui
(pip)
May 24, 2022
Dragonfly2 has hard coded cyptographic key
Critical
CVE-2023-27584
was published
for
d7y.io/dragonfly/v2
(Go)
Sep 19, 2024
Update share links to use FRP instead of SSH tunneling
Moderate
CVE-2023-25823
was published
for
gradio
(pip)
Feb 23, 2023
Django user with hardcoded password created when running tests on Oracle
Critical
CVE-2016-9013
was published
for
Django
(pip)
May 17, 2022
Apprite CLI makes Use of Hard-coded Credentials
Moderate
CVE-2023-50974
was published
for
appwrite
(npm)
Jan 9, 2024
FlyteAdmin's Default OAuth Authorization Server secret must be rotated
High
CVE-2022-39273
was published
for
github.com/flyteorg/flyteadmin
(Go)
Oct 5, 2022
Incorrect handling of credential expiry by /nats-io/nats-server
Critical
CVE-2020-26892
was published
for
github.com/nats-io/jwt
(Go)
Feb 11, 2022
ThinkAdmin Admin Panel Access using Default Credentials
High
CVE-2020-35296
was published
for
zoujingli/thinkadmin
(Composer)
May 24, 2022
Katello uses hard coded credential
Critical
CVE-2012-3503
was published
for
katello
(RubyGems)
May 17, 2022
Hard-coded credentials in org.folio:mod-remote-storage
Moderate
CVE-2024-23685
was published
for
org.folio:mod-remote-storage
(Maven)
Jan 19, 2024
Hard-coded credentials in org.folio:mod-data-export-spring
Critical
CVE-2024-23687
was published
for
org.folio:mod-data-export-spring
(Maven)
Jan 20, 2024
@nuxtlabs/github-module made Use of Hard-coded Credentials
Critical
CVE-2023-2138
was published
for
@nuxtlabs/github-module
(npm)
Apr 18, 2023
Sureness uses hardcoded key
Critical
CVE-2023-31581
was published
for
com.usthe.sureness:sureness-core
(Maven)
Oct 25, 2023
Dromara Lamp-Cloud Use of Hard-coded Cryptographic Key
High
CVE-2023-31579
was published
for
top.tangyh.basic:lamp-core
(Maven)
Nov 3, 2023
Netmaker has Hardcoded DNS Secret Key
High
CVE-2023-32077
was published
for
github.com/gravitl/netmaker
(Go)
Aug 25, 2023
keycloak vulnerable to unauthorized login via mail server setup
Critical
CVE-2019-14837
was published
for
org.keycloak:keycloak-core
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API