GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
34 advisories
An attacker can access to "Forgot my password" button, as soon as he puts users is valid in the...
Moderate
Unreviewed
CVE-2022-23172 was published Jul 7, 2022

An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers...
Moderate
Unreviewed
CVE-2022-34530 was published Aug 2, 2022

The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049...
Moderate
Unreviewed
CVE-2016-5997 was published May 17, 2022

In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is...
Moderate
Unreviewed
CVE-2020-5899 was published May 24, 2022

Multiple valid tokens for password reset in Shopware
Moderate
CVE-2022-24892 was published for shopware/shopware (Composer) Apr 28, 2022

Malicious attacker is able to find out valid user logins by using the "lost password" feature....
Moderate
Unreviewed
CVE-2021-36095 was published May 24, 2022

In all versions of GitLab CE/EE, an attacker with physical access to a user’s machine may brute...
Moderate
Unreviewed
CVE-2021-39899 was published May 24, 2022

In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, all versions starting from...
Moderate
Unreviewed
CVE-2021-39919 was published Dec 14, 2021

When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to...
Moderate
Unreviewed
CVE-2017-2614 was published May 13, 2022

Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change...
Moderate
Unreviewed
CVE-2018-12315 was published May 13, 2022

An issue was discovered in Mahara before 18.10.0. It mishandled user requests that could...
Moderate
Unreviewed
CVE-2017-1000141 was published May 14, 2022

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Enumeration of users is...
Moderate
Unreviewed
CVE-2018-10210 was published May 14, 2022

WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which...
Moderate
Unreviewed
CVE-2017-8295 was published May 17, 2022

An issue was discovered in Delta RM 1.2. It is possible to request a new password for any other...
Moderate
Unreviewed
CVE-2021-44839 was published Jan 19, 2022

Information exposure in xwiki-platform
Moderate
CVE-2022-23619 was published for org.xwiki.platform:xwiki-platform-web (Maven) Feb 9, 2022

A vulnerability was found in ningzichun Student Management System 1.0. It has been rated as...
Moderate
Unreviewed
CVE-2023-3007 was published May 31, 2023

ZITADEL's password reset does not respect the "Ignoring unknown usernames" setting
Moderate
CVE-2023-44399 was published for github.com/zitadel/zitadel (Go) Oct 10, 2023

Weak Password Recovery Mechanism for Forgotten Password in GitHub repository linkstackorg...
Moderate
Unreviewed
CVE-2023-5840 was published Oct 29, 2023

A vulnerability was found in Xinhu RockOA 1.1/2.3.2/15.X3amdi and classified as problematic....
Moderate
Unreviewed
CVE-2023-5296 was published Sep 30, 2023

A vulnerability was found in OpenRapid RapidCMS 1.3.1 and classified as critical. This issue...
Moderate
Unreviewed
CVE-2023-4448 was published Aug 21, 2023

A vulnerability classified as critical was found in ForU CMS up to 2020-06-23. This vulnerability...
Moderate
Unreviewed
CVE-2024-0425 was published Jan 11, 2024

WWBN AVideo recovery notification bypass vulnerability
Moderate
CVE-2023-50172 was published for wwbn/avideo (Composer) Jan 10, 2024

A vulnerability classified as problematic has been found in Huaxia ERP up to 3.1. Affected is an...
Moderate
Unreviewed
CVE-2024-0491 was published Jan 13, 2024

An issue was discovered in GLPI before 9.4.1. After a successful password reset by a user, it is...
Moderate
Unreviewed
CVE-2019-13240 was published May 24, 2022

In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to...
Moderate
Unreviewed
CVE-2019-14955 was published May 24, 2022