Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,147
NuGet
735
pip
3,948
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

78 advisories

Loading
ASP.NET Core allow an elevation of privilege High
CVE-2018-0787 was published for Microsoft.AspNetCore.HttpOverrides (NuGet) Oct 16, 2018
An Access Control vulnerability exists in ATutor 2.2.4 in password_reminder.php when the g, id, h... High Unreviewed
CVE-2021-43498 was published Apr 9, 2022
Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset... High Unreviewed
CVE-2016-2349 was published May 17, 2022
A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows... High Unreviewed
CVE-2017-7731 was published May 17, 2022
The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049... High Unreviewed
CVE-2016-5996 was published May 17, 2022
ClickStudios Passwordstate Password Reset Portal prior to build 8501 is affected by an... High Unreviewed
CVE-2020-26061 was published May 24, 2022
Immuta v2.8.2 is affected by one instance of insecure permissions that can lead to user account... High Unreviewed
CVE-2020-15949 was published May 24, 2022
Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability... High Unreviewed
CVE-2020-5361 was published May 24, 2022
Certain NETGEAR devices are affected by password reset by an unauthenticated attacker. This... High Unreviewed
CVE-2021-29080 was published May 24, 2022
Email Injection in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to abuse the... High Unreviewed
CVE-2020-28186 was published May 24, 2022
In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a... High Unreviewed
CVE-2021-31912 was published May 24, 2022
In ProLink PRC2402M V1.0.18 and older, the set_sys_init function in the login.cgi binary allows... High Unreviewed
CVE-2021-36708 was published May 24, 2022
An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application... High Unreviewed
CVE-2016-8716 was published May 13, 2022
In “SuiteCRM” application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to... High Unreviewed
CVE-2021-25961 was published May 24, 2022
Improper account password reset in Craft CMS High
CVE-2022-29933 was published for craftcms/cms (Composer) May 10, 2022
Weak Password Recovery Mechanism for Forgotten Password High
CVE-2021-25957 was published for dolibarr/dolibarr (Composer) Sep 2, 2021
Malicious password-reset in Akaunting High
CVE-2021-36804 was published for akaunting/akaunting (Composer) Sep 1, 2021
Team Password Manager (aka TeamPasswordManager) before 10.135.236 allows password-reset poisoning. High Unreviewed
CVE-2021-44037 was published Nov 20, 2021
Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to... High Unreviewed
CVE-2017-8613 was published May 13, 2022
Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak... High Unreviewed
CVE-2018-1000812 was published May 14, 2022
OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows... High Unreviewed
CVE-2018-0696 was published May 14, 2022
** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for... High Unreviewed
CVE-2018-17401 was published May 14, 2022
An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6... High Unreviewed
CVE-2018-12579 was published May 14, 2022
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an... High Unreviewed
CVE-2017-0921 was published May 14, 2022
WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via... High Unreviewed
CVE-2014-6412 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database