Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,144
NuGet
735
pip
3,947
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

78 advisories

Loading
Daikin Security Gateway is vulnerable to an authorization bypass through a user-controlled key... High Unreviewed
CVE-2025-10127 was published Sep 11, 2025
A vulnerability in the password reset workflow of the Touch Lebanon Mobile App 2.20.2 allows an... High Unreviewed
CVE-2025-50503 was published Aug 20, 2025
The BoomBox Theme Extensions plugin for WordPress is vulnerable to privilege escalation via... High Unreviewed
CVE-2024-12295 was published Mar 19, 2025
This vulnerability exists in the CAP back office application due to a weak password-reset... High Unreviewed
CVE-2025-29995 was published Mar 13, 2025
The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for... High Unreviewed
CVE-2025-1570 was published Feb 28, 2025
The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is... High Unreviewed
CVE-2024-9302 was published Oct 25, 2024
The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation... High Unreviewed
CVE-2024-9305 was published Oct 16, 2024
A host header injection vulnerability in MEANStore 1.0 allows attackers to obtain the password... High Unreviewed
CVE-2024-45980 was published Sep 26, 2024
A host header injection vulnerability in Staff Appraisal System v1.0 allows attackers to obtain... High Unreviewed
CVE-2024-42915 was published Aug 23, 2024
HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability.... High Unreviewed
CVE-2024-6203 was published Aug 6, 2024
The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak... High Unreviewed
CVE-2023-7264 was published Jun 11, 2024
TP-Link Tapo C210 Password Recovery Authentication Bypass Vulnerability. This vulnerability... High Unreviewed
CVE-2023-35717 was published May 3, 2024
In Jitsi Meet before 9391, a logic flaw in password-protected Jitsi meetings (that make use of a... High Unreviewed
CVE-2024-33530 was published May 2, 2024
Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does... High Unreviewed
CVE-2024-27899 was published Apr 9, 2024
Weak password recovery mechanism in CDeX application allows to retrieve password reset token.This... High Unreviewed
CVE-2024-2463 was published Mar 21, 2024
Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contain a weak password recovery... High Unreviewed
CVE-2024-24903 was published Mar 1, 2024
Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password... High Unreviewed
CVE-2024-22454 was published Feb 13, 2024
An insufficient entropy vulnerability exists in the userRecoverPass.php recoverPass generation... High Unreviewed
CVE-2023-49589 was published Jan 10, 2024
In SAP Commerce Cloud - versions HY_COM 1905, HY_COM 2005, HY_COM2105, HY_COM 2011, HY_COM 2205,... High Unreviewed
CVE-2023-42481 was published Dec 12, 2023
ZITADEL Account Takeover via Malicious Host Header Injection High
CVE-2023-49097 was published for github.com/zitadel/zitadel (Go) Nov 29, 2023
eliobischof livio-a
amit-laish
The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up... High Unreviewed
CVE-2023-4214 was published Nov 18, 2023
Weak password recovery mechanism vulnerability in Fujitsu Arconte Áurea version 1.5.0.0, which... High Unreviewed
CVE-2023-4096 was published Sep 19, 2023
Soar Cloud Ltd. HR Portal has a weak Password Recovery Mechanism for Forgotten Password. The... High Unreviewed
CVE-2023-34357 was published Sep 7, 2023
Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in... High Unreviewed
CVE-2023-3222 was published Sep 4, 2023
The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable... High Unreviewed
CVE-2023-29145 was published Jun 30, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database