GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
54 advisories
Weak Password Recovery Mechanism for Forgotten Password vulnerability in Hossein Material...
Critical | Unreviewed | CVE-2025-32486 was published Sep 9, 2025

An issue was discovered in /Code/Websites/DanpheEMR/Controllers/Settings...
Critical | Unreviewed | CVE-2025-50594 was published Aug 13, 2025

flask-boilerplate through a170e7c allows account takeover via the password reset feature because...
Critical | Unreviewed | CVE-2025-43931 was published Jul 7, 2025

JobCenter through 7e7b0b2 allows account takeover via the password reset feature because...
Critical | Unreviewed | CVE-2025-43932 was published Jul 7, 2025

Allegra calculateTokenExpDate Password Recovery Authentication Bypass Vulnerability. This...
Critical | Unreviewed | CVE-2025-6216 was published Jun 23, 2025

Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gilblas Ngunte Possi PSW...
Critical | Unreviewed | CVE-2025-47646 was published May 23, 2025

Weak Password Recovery Mechanism for Forgotten Password vulnerability in videowhisper Paid...
Critical | Unreviewed | CVE-2025-31380 was published Apr 17, 2025

The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in...
Critical | Unreviewed | CVE-2024-11350 was published Jan 8, 2025

CrushFTP 10 before 10.8.3 and 11 before 11.2.3 mishandles password reset, leading to account...
Critical | Unreviewed | CVE-2024-53552 was published Dec 10, 2024

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a weak mechanism for...
Critical | Unreviewed | CVE-2024-47547 was published Dec 6, 2024

The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account...
Critical | Unreviewed | CVE-2024-11103 was published Nov 28, 2024

An issue in Olive VLE allows an attacker to obtain sensitive information via the reset password...
Critical | Unreviewed | CVE-2024-48428 was published Oct 25, 2024

The password recovery mechanism for the forgotten password in Riello Netman 204 allows an...
Critical | Unreviewed | CVE-2024-8878 was published Sep 25, 2024

Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized password resets via the...
Critical | Unreviewed | CVE-2024-38468 was published Jun 16, 2024

An unauthenticated remote attacker can change the admin password in a moneo appliance due to weak...
Critical | Unreviewed | CVE-2024-5404 was published Jun 3, 2024

This vulnerability allows remote attackers to reset the password of anonymous users without...
Critical | Unreviewed | CVE-2024-2862 was published Mar 25, 2024

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16...
Critical | Unreviewed | CVE-2023-7028 was published Jan 12, 2024

The password reset function in ILIAS 7.0_beta1 through 7.20 and 8.0_beta1 through 8.1 allows...
Critical | Unreviewed | CVE-2023-36487 was published Jun 29, 2023

This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS...
Critical | Unreviewed | CVE-2023-30466 was published Apr 28, 2023

An insecure password reset issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android...
Critical | Unreviewed | CVE-2022-45637 was published Mar 21, 2023

The Akuvox E11 password recovery webpage can be accessed without authentication, and an attacker...
Critical | Unreviewed | CVE-2023-0352 was published Mar 13, 2023

An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A...
Critical | Unreviewed | CVE-2022-45782 was published Feb 2, 2023

COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1...
Critical | Unreviewed | CVE-2022-47697 was published Jan 31, 2023

Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 with firmware version <1.13...
Critical | Unreviewed | CVE-2022-47377 was published Dec 21, 2022

In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated remote attacker can reset the...
Critical | Unreviewed | CVE-2022-3485 was published Dec 12, 2022