Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
55
GitHub Actions
50
Go
3,722
Maven
5,000+
npm
5,000+
NuGet
935
pip
4,946
Pub
13
RubyGems
1,055
Rust
1,338
Swift
54
Unreviewed advisories
All unreviewed
5,000+

72 advisories

Loading
OpenC3 COSMOS: Hijacked session token can be used to reset password for persistence High
CVE-2026-42084 was published for openc3 (RubyGems) Apr 22, 2026
ctrlsill Credited to ctrlsill
Navicat for Oracle 12.1.15 contains a denial of service vulnerability that allows local attackers... Moderate Unreviewed
CVE-2019-25653 was published Mar 30, 2026
An issue in Daylight Studio FuelCMS v1.5.2 allows attackers to exfiltrate users' password reset... Critical Unreviewed
CVE-2026-30458 was published Mar 26, 2026
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication... High Unreviewed
CVE-2026-27757 was published Feb 27, 2026
EventSentry versions prior to 6.0.1.20 contain an unverified password change vulnerability in the... High Unreviewed
CVE-2026-24443 was published Feb 24, 2026
A vulnerability was identified in vichan-devel vichan up to 5.1.5. This vulnerability affects... Moderate Unreviewed
CVE-2026-2543 was published Feb 16, 2026
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) allow account... High Unreviewed
CVE-2026-24440 was published Jan 26, 2026
A low-privileged user can bypass account credentials without confirming the user's current... High Unreviewed
CVE-2025-14751 was published Jan 23, 2026
Unverified Password Change vulnerability in Progress MOVEit Transfer on Windows (REST API modules... Low Unreviewed
CVE-2025-11235 was published Jan 7, 2026
IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow could an authenticated user to change the... High Unreviewed
CVE-2025-13148 was published Dec 11, 2025
Ibexa User Bundle is missing password change validation Critical
CVE-2025-67719 was published for ibexa/user (Composer) Dec 10, 2025
An unverified password change vulnerability [CWE-620] vulnerability in Fortinet FortiSOAR PaaS 7... Moderate Unreviewed
CVE-2025-59808 was published Dec 9, 2025
Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2... Critical Unreviewed
CVE-2025-63362 was published Dec 4, 2025
Flowise does not Prevent Bypass of Password Confirmation - Unverified Password Change High
GHSA-fjh6-8679-9pch was published for flowise-ui (npm) Nov 14, 2025
mbiesiad Credited to mbiesiad
Flowise doesn't Prevent Bypass of Password Confirmation through Unverified Email Change (credentials) High
GHSA-x39m-3393-3qp4 was published for flowise-ui (npm) Nov 14, 2025
mbiesiad Credited to mbiesiad
A Host Header Injection vulnerability in the password reset component in levlaz braindump v0.4.14... High Unreviewed
CVE-2025-61132 was published Oct 23, 2025
FelixRiddle dev-jobs-handlebars 1.0 uses absolute password-reset (magic) links using the... High Unreviewed
CVE-2025-61536 was published Oct 16, 2025
Aggie 2.6.1 has a Host Header injection vulnerability in the forgot password functionality,... High Unreviewed
CVE-2025-22381 was published Oct 16, 2025
The Appy Pie Connect for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation... Critical Unreviewed
CVE-2025-9286 was published Oct 3, 2025
An authentication bypass vulnerability allows remote attackers to gain administrative privileges... Critical Unreviewed
CVE-2025-10159 was published Sep 9, 2025
CWE-620: Unverified Password Change Moderate Unreviewed
CVE-2025-46389 was published Aug 6, 2025
The Sala - Startup & SaaS WordPress Theme theme for WordPress is vulnerable to privilege... Critical Unreviewed
CVE-2025-4606 was published Jul 9, 2025
The DWT - Directory & Listing WordPress Theme theme for WordPress is vulnerable to privilege... Critical Unreviewed
CVE-2024-12827 was published Jun 27, 2025
A vulnerability was found in UTT 进取 750W up to 5.0 and classified as critical. Affected by this... Moderate Unreviewed
CVE-2025-6097 was published Jun 16, 2025
The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is... High Unreviewed
CVE-2025-5482 was published Jun 4, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database