Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,504
Maven
5,000+
npm
4,149
NuGet
735
pip
3,949
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

160 advisories

Loading
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Enumeration of users is... Moderate Unreviewed
CVE-2018-10210 was published May 14, 2022
An issue was discovered in Mahara before 18.10.0. It mishandled user requests that could... Moderate Unreviewed
CVE-2017-1000141 was published May 14, 2022
In order to perform actions that requires higher privileges, the Quest KACE System Management... High Unreviewed
CVE-2018-11134 was published May 14, 2022
LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password ... Critical Unreviewed
CVE-2018-12421 was published May 14, 2022
Trovebox version <= 4.0.0-rc6 contains a Unsafe password reset token generation vulnerability in... Critical Unreviewed
CVE-2018-1000554 was published May 14, 2022
Instant Update CMS contains a Password Reset Vulnerability vulnerability in /iu-application... Critical Unreviewed
CVE-2018-1000501 was published May 14, 2022
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an... High Unreviewed
CVE-2017-0921 was published May 14, 2022
An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6... High Unreviewed
CVE-2018-12579 was published May 14, 2022
** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for... High Unreviewed
CVE-2018-17401 was published May 14, 2022
On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 SetPasswdSettings... Critical Unreviewed
CVE-2018-17881 was published May 14, 2022
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon... Critical Unreviewed
CVE-2018-7809 was published May 14, 2022
An issue was discovered in Enalean Tuleap before 10.5. Reset password links are not invalidated... Critical Unreviewed
CVE-2018-17298 was published May 14, 2022
OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows... High Unreviewed
CVE-2018-0696 was published May 14, 2022
Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to reset... Critical Unreviewed
CVE-2015-4689 was published May 14, 2022
The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the... Critical Unreviewed
CVE-2018-19488 was published May 14, 2022
Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak... High Unreviewed
CVE-2018-1000812 was published May 14, 2022
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon... Critical Unreviewed
CVE-2018-7811 was published May 13, 2022
Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change... Moderate Unreviewed
CVE-2018-12315 was published May 13, 2022
Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to... High Unreviewed
CVE-2017-8613 was published May 13, 2022
An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web... High Unreviewed
CVE-2017-14005 was published May 13, 2022
When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to... Moderate Unreviewed
CVE-2017-2614 was published May 13, 2022
Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM)... High Unreviewed
CVE-2018-8916 was published May 13, 2022
Missing password verification in the web interface on Gigaset Maxwell Basic VoIP phones with... Critical Unreviewed
CVE-2018-18871 was published May 13, 2022
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to... High Unreviewed
CVE-2017-9543 was published May 13, 2022
An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application... High Unreviewed
CVE-2016-8716 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database