Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,147
NuGet
735
pip
3,948
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

188 advisories

Loading
In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to... Moderate Unreviewed
CVE-2019-14955 was published May 24, 2022
SITOS six Build v6.2.1 allows a user to change their password and recovery email address without... Moderate Unreviewed
CVE-2019-15749 was published May 24, 2022
The default setting of MISP 2.4.136 did not enable the requirements (aka... Critical Unreviewed
CVE-2021-25323 was published May 24, 2022
An issue in Mobicint Backend for Credit Unions v3 allows attackers to retrieve partial email... Moderate Unreviewed
CVE-2021-36436 was published Apr 20, 2023
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6... High Unreviewed
CVE-2023-31459 was published May 24, 2023
D-Link DIR-823G firmware version 1.02B05 has a password reset vulnerability, which originates... High Unreviewed
CVE-2023-26615 was published Jun 28, 2023
Weintek Weincloud v0.13.6 could allow an attacker to reset a password with the corresponding... Moderate Unreviewed
CVE-2023-35134 was published Jul 20, 2023
Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in... High Unreviewed
CVE-2023-3222 was published Sep 4, 2023
Soar Cloud Ltd. HR Portal has a weak Password Recovery Mechanism for Forgotten Password. The... High Unreviewed
CVE-2023-34357 was published Sep 7, 2023
Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does... High Unreviewed
CVE-2024-27899 was published Apr 9, 2024
Weak password recovery mechanism vulnerability in Fujitsu Arconte Áurea version 1.5.0.0, which... High Unreviewed
CVE-2023-4096 was published Sep 19, 2023
This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS... Critical Unreviewed
CVE-2023-30466 was published Apr 28, 2023
A vulnerability, which was classified as problematic, was found in Beijing Baichuo Smart S85F... Moderate Unreviewed
CVE-2023-5959 was published Nov 11, 2023
Moodle Weak Password Recovery Mechanism for Forgotten Password High
CVE-2016-7038 was published for moodle/moodle (Composer) May 13, 2022
Pagekit Weak Password Recovery Mechanism for Forgotten Password High
CVE-2017-5594 was published for pagekit/pagekit (Composer) May 13, 2022
Craft CMS subject to URL forgery Moderate
CVE-2017-8385 was published for craftcms/cms (Composer) May 17, 2022
Contao Does Not Invalidate Existing Sessions When Password Changes Critical
CVE-2019-10641 was published for contao/contao (Composer) May 14, 2022
TP-Link Tapo C210 Password Recovery Authentication Bypass Vulnerability. This vulnerability... High Unreviewed
CVE-2023-35717 was published May 3, 2024
An unauthenticated remote attacker can change the admin password in a moneo appliance due to weak... Critical Unreviewed
CVE-2024-5404 was published Jun 3, 2024
An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password feature allows users to... Moderate Unreviewed
CVE-2020-14016 was published May 24, 2022
In lunary-ai/lunary version 1.2.4, a vulnerability exists in the password recovery mechanism... Moderate Unreviewed
CVE-2024-5277 was published Jun 6, 2024
Weak password recovery mechanism in CDeX application allows to retrieve password reset token.This... High Unreviewed
CVE-2024-2463 was published Mar 21, 2024
HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability.... High Unreviewed
CVE-2024-6203 was published Aug 6, 2024
Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized password resets via the... Critical Unreviewed
CVE-2024-38468 was published Jun 16, 2024
A host header injection vulnerability in Staff Appraisal System v1.0 allows attackers to obtain... High Unreviewed
CVE-2024-42915 was published Aug 23, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database