Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,494
Maven
5,000+
npm
4,129
NuGet
735
pip
3,944
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

160 advisories

Loading
In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is... Moderate Unreviewed
CVE-2020-5899 was published May 24, 2022
An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password feature allows users to... Moderate Unreviewed
CVE-2020-14016 was published May 24, 2022
SITOS six Build v6.2.1 allows a user to change their password and recovery email address without... Moderate Unreviewed
CVE-2019-15749 was published May 24, 2022
In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to... Moderate Unreviewed
CVE-2019-14955 was published May 24, 2022
TTLock devices do not properly restrict password-reset attempts, leading to incorrect access... High Unreviewed
CVE-2019-12943 was published May 24, 2022
An issue was discovered in GLPI before 9.4.1. After a successful password reset by a user, it is... Moderate Unreviewed
CVE-2019-13240 was published May 24, 2022
An arbitrary password reset issue was discovered in the Ultimate Member plugin 2.39 for WordPress... High Unreviewed
CVE-2019-10270 was published May 24, 2022
An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass (account takeover)... Critical Unreviewed
CVE-2018-16988 was published May 24, 2022
An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. When the administrator password is... High Unreviewed
CVE-2019-11414 was published May 24, 2022
An issue was discovered in /admin/users/update in M/Monit before 3.7.3. It allows unprivileged... Critical Unreviewed
CVE-2019-11393 was published May 24, 2022
The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049... High Unreviewed
CVE-2016-5996 was published May 17, 2022
The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049... Moderate Unreviewed
CVE-2016-5997 was published May 17, 2022
EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom... Critical Unreviewed
CVE-2017-2766 was published May 17, 2022
A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows... High Unreviewed
CVE-2017-7731 was published May 17, 2022
QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function. High Unreviewed
CVE-2017-7629 was published May 17, 2022
Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset... High Unreviewed
CVE-2016-2349 was published May 17, 2022
An authenticated standard user could reset the password of other users (including the admin) by... High Unreviewed
CVE-2017-12850 was published May 17, 2022
An authenticated standard user could reset the password of the admin by altering form data.... High Unreviewed
CVE-2017-12851 was published May 17, 2022
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote... High Unreviewed
CVE-2015-7257 was published May 17, 2022
WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which... Moderate Unreviewed
CVE-2017-8295 was published May 17, 2022
389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks... Critical Unreviewed
CVE-2017-7551 was published May 14, 2022
gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that... Critical Unreviewed
CVE-2017-17097 was published May 14, 2022
In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an authenticated user is able... High Unreviewed
CVE-2017-8916 was published May 14, 2022
CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data... Critical Unreviewed
CVE-2018-10081 was published May 14, 2022
WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via... High Unreviewed
CVE-2014-6412 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database