GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
188 advisories
An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6...
  High | Unreviewed | CVE-2018-12579 was published May 14, 2022

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an...
  High | Unreviewed | CVE-2017-0921 was published May 14, 2022

Trovebox version <= 4.0.0-rc6 contains an Unsafe password reset token generation vulnerability in...
  Critical | Unreviewed | CVE-2018-1000554 was published May 14, 2022

An issue was discovered in Mahara before 18.10.0. It mishandled user requests that could...
  Moderate | Unreviewed | CVE-2017-1000141 was published May 14, 2022

LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password ...
  Critical | Unreviewed | CVE-2018-12421 was published May 14, 2022

WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via...
  High | Unreviewed | CVE-2014-6412 was published May 14, 2022

Instant Update CMS contains a Password Reset Vulnerability vulnerability in /iu-application...
  Critical | Unreviewed | CVE-2018-1000501 was published May 14, 2022

In order to perform actions that require higher privileges, the Quest KACE System Management...
  High | Unreviewed | CVE-2018-11134 was published May 14, 2022

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that...
  Critical | Unreviewed | CVE-2022-37300 was published Sep 13, 2022

CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data...
  Critical | Unreviewed | CVE-2018-10081 was published May 14, 2022

In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an authenticated user is able...
  High | Unreviewed | CVE-2017-8916 was published May 14, 2022

gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that...
  Critical | Unreviewed | CVE-2017-17097 was published May 14, 2022

An issue was discovered in Delta RM 1.2. It is possible to request a new password for any other...
  Moderate | Unreviewed | CVE-2021-44839 was published Jan 19, 2022

Umbraco Persistent Password Reset Poison
  High | CVE-2022-22691 was published for Umbraco.Cms.Core (NuGet) Jan 21, 2022

Forgotten password reset functionality for local accounts can be used to bypass local...
  High | Unreviewed | CVE-2021-27654 was published Jan 29, 2022

Information exposure in xwiki-platform
  Moderate | CVE-2022-23619 was published for org.xwiki.platform:xwiki-platform-web (Maven) Feb 9, 2022

An authenticated standard user could reset the password of other users (including the admin) by...
  High | Unreviewed | CVE-2017-12850 was published May 17, 2022

Rate limit missing in microweber
  High | CVE-2022-0777 was published for microweber/microweber (Composer) Mar 2, 2022

An authenticated standard user could reset the password of the admin by altering form data....
  High | Unreviewed | CVE-2017-12851 was published May 17, 2022

A vulnerability was found in gitter-badger ezpublish-modern-legacy. It has been rated as...
  High | Unreviewed | CVE-2015-10071 was published Jan 19, 2023

389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks...
  Critical | Unreviewed | CVE-2017-7551 was published May 14, 2022

The Akuvox E11 password recovery webpage can be accessed without authentication, and an attacker...
  Critical | Unreviewed | CVE-2023-0352 was published Mar 13, 2023

An insecure password reset issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android...
  Critical | Unreviewed | CVE-2022-45637 was published Mar 21, 2023

An arbitrary password reset issue was discovered in the Ultimate Member plugin 2.39 for WordPress...
  High | Unreviewed | CVE-2019-10270 was published May 24, 2022

An Incorrect Access Control vulnerability exists in Premiumdatingscript 4.2.7.7 via the password...
  Critical | Unreviewed | CVE-2021-41694 was published Dec 10, 2021