Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

67 advisories

Loading
ASP.NET Core allow an elevation of privilege High
CVE-2018-0787 was published for Microsoft.AspNetCore.HttpOverrides (NuGet) Oct 16, 2018
An Access Control vulnerability exists in ATutor 2.2.4 in password_reminder.php when the g, id, h... High Unreviewed
CVE-2021-43498 was published Apr 9, 2022
Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset... High Unreviewed
CVE-2016-2349 was published May 17, 2022
A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows... High Unreviewed
CVE-2017-7731 was published May 17, 2022
QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function. High Unreviewed
CVE-2017-7629 was published May 17, 2022
The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049... High Unreviewed
CVE-2016-5996 was published May 17, 2022
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an... High Unreviewed
CVE-2017-7615 was published May 13, 2022
In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), a user's... High Unreviewed
CVE-2020-12067 was published Dec 26, 2022
ClickStudios Passwordstate Password Reset Portal prior to build 8501 is affected by an... High Unreviewed
CVE-2020-26061 was published May 24, 2022
Immuta v2.8.2 is affected by one instance of insecure permissions that can lead to user account... High Unreviewed
CVE-2020-15949 was published May 24, 2022
Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability... High Unreviewed
CVE-2020-5361 was published May 24, 2022
Certain NETGEAR devices are affected by password reset by an unauthenticated attacker. This... High Unreviewed
CVE-2021-29080 was published May 24, 2022
Email Injection in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to abuse the... High Unreviewed
CVE-2020-28186 was published May 24, 2022
In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a... High Unreviewed
CVE-2021-31912 was published May 24, 2022
Insecure default configuration in Liferay Portal 6.2.3 through 7.3.2, and Liferay DXP before 7.3,... High Unreviewed
CVE-2021-33321 was published May 24, 2022
In ProLink PRC2402M V1.0.18 and older, the set_sys_init function in the login.cgi binary allows... High Unreviewed
CVE-2021-36708 was published May 24, 2022
An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application... High Unreviewed
CVE-2016-8716 was published May 13, 2022
In “SuiteCRM” application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to... High Unreviewed
CVE-2021-25961 was published May 24, 2022
The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers... High Unreviewed
CVE-2022-25027 was published Jan 13, 2023
Improper account password reset in Craft CMS High
CVE-2022-29933 was published for craftcms/cms (Composer) May 10, 2022
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to... High Unreviewed
CVE-2017-9543 was published May 13, 2022
Weak Password Recovery Mechanism for Forgotten Password High
CVE-2021-25957 was published for dolibarr/dolibarr (Composer) Sep 2, 2021
Malicious password-reset in Akaunting High
CVE-2021-36804 was published for akaunting/akaunting (Composer) Sep 1, 2021
Team Password Manager (aka TeamPasswordManager) before 10.135.236 allows password-reset poisoning. High Unreviewed
CVE-2021-44037 was published Nov 20, 2021
Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM)... High Unreviewed
CVE-2018-8916 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database