GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
37 advisories
Filter by severity
IBM Security SOAR 51.0.1.0 and earlier contains a mechanism for users to recover or change their...
Moderate
Unreviewed
CVE-2024-45670
was published
Nov 14, 2024
A vulnerability classified as problematic was found in QileCMS up to 1.1.3. This vulnerability...
Moderate
Unreviewed
CVE-2024-9907
was published
Oct 13, 2024
A vulnerability classified as critical was found in TDuckCloud TDuckPro up to 6.3. Affected by...
Moderate
Unreviewed
CVE-2024-8692
was published
Sep 11, 2024
In lunary-ai/lunary version 1.2.4, a vulnerability exists in the password recovery mechanism...
Moderate
Unreviewed
CVE-2024-5277
was published
Jun 6, 2024
Liferay Portal 7.2.0 through 7.3.5, and older unsupported versions, and Liferay DXP 7.3 before...
Moderate
Unreviewed
CVE-2021-29038
was published
Feb 21, 2024
A vulnerability classified as problematic has been found in Huaxia ERP up to 3.1. Affected is an...
Moderate
Unreviewed
CVE-2024-0491
was published
Jan 13, 2024
A vulnerability classified as critical was found in ForU CMS up to 2020-06-23. This vulnerability...
Moderate
Unreviewed
CVE-2024-0425
was published
Jan 11, 2024
WWBN AVideo recovery notification bypass vulnerability
Moderate
CVE-2023-50172
was published
for
wwbn/avideo
(Composer)
Jan 10, 2024
A vulnerability, which was classified as problematic, was found in Beijing Baichuo Smart S85F...
Moderate
Unreviewed
CVE-2023-5959
was published
Nov 11, 2023
Weak Password Recovery Mechanism for Forgotten Password in GitHub repository linkstackorg...
Moderate
Unreviewed
CVE-2023-5840
was published
Oct 29, 2023
ZITADEL's password reset does not respect the "Ignoring unknown usernames" setting
Moderate
CVE-2023-44399
was published
for
github.com/zitadel/zitadel
(Go)
Oct 10, 2023
A vulnerability was found in Xinhu RockOA 1.1/2.3.2/15.X3amdi and classified as problematic....
Moderate
Unreviewed
CVE-2023-5296
was published
Sep 30, 2023
A vulnerability was found in OpenRapid RapidCMS 1.3.1 and classified as critical. This issue...
Moderate
Unreviewed
CVE-2023-4448
was published
Aug 21, 2023
Weintek Weincloud v0.13.6
could allow an attacker to reset a password with the corresponding...
Moderate
Unreviewed
CVE-2023-35134
was published
Jul 20, 2023
A vulnerability was found in ningzichun Student Management System 1.0. It has been rated as...
Moderate
Unreviewed
CVE-2023-3007
was published
May 31, 2023
An issue in Mobicint Backend for Credit Unions v3 allows attackers to retrieve partial email...
Moderate
Unreviewed
CVE-2021-36436
was published
Apr 20, 2023
In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature...
Moderate
Unreviewed
CVE-2022-30332
was published
Jan 10, 2023
An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers...
Moderate
Unreviewed
CVE-2022-34530
was published
Aug 2, 2022
An attacker can access to "Forgot my password" button, as soon as he puts users is valid in the...
Moderate
Unreviewed
CVE-2022-23172
was published
Jul 7, 2022
In all versions of GitLab CE/EE, an attacker with physical access to a user’s machine may brute...
Moderate
Unreviewed
CVE-2021-39899
was published
May 24, 2022
Malicious attacker is able to find out valid user logins by using the "lost password" feature....
Moderate
Unreviewed
CVE-2021-36095
was published
May 24, 2022
In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is...
Moderate
Unreviewed
CVE-2020-5899
was published
May 24, 2022
An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password feature allows users to...
Moderate
Unreviewed
CVE-2020-14016
was published
May 24, 2022
SITOS six Build v6.2.1 allows a user to change their password and recovery email address without...
Moderate
Unreviewed
CVE-2019-15749
was published
May 24, 2022
In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to...
Moderate
Unreviewed
CVE-2019-14955
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API