GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,960
Composer 4,279
Erlang 31
GitHub Actions 21
Go 2,056
Maven 5,237
npm 3,740
NuGet 668
pip 3,421
Pub 12
RubyGems 891
Rust 873
Swift 36

Unreviewed advisories

All unreviewed 238,901

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

162 advisories

Filter by severity

Sort by

Least recently updated

An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon... Critical Unreviewed

CVE-2018-7811 was published May 13, 2022

Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak... High Unreviewed

CVE-2018-1000812 was published May 14, 2022

The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the... Critical Unreviewed

CVE-2018-19488 was published May 14, 2022

Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to reset... Critical Unreviewed

CVE-2015-4689 was published May 14, 2022

OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows... High Unreviewed

CVE-2018-0696 was published May 14, 2022

An issue was discovered in Enalean Tuleap before 10.5. Reset password links are not invalidated... Critical Unreviewed

CVE-2018-17298 was published May 14, 2022

An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon... Critical Unreviewed

CVE-2018-7809 was published May 14, 2022

On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 SetPasswdSettings... Critical Unreviewed

CVE-2018-17881 was published May 14, 2022

** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for... High Unreviewed

CVE-2018-17401 was published May 14, 2022

An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6... High Unreviewed

CVE-2018-12579 was published May 14, 2022

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an... High Unreviewed

CVE-2017-0921 was published May 14, 2022

Trovebox version <= 4.0.0-rc6 contains a Unsafe password reset token generation vulnerability in... Critical Unreviewed

CVE-2018-1000554 was published May 14, 2022

An issue was discovered in Mahara before 18.10.0. It mishandled user requests that could... Moderate Unreviewed

CVE-2017-1000141 was published May 14, 2022

LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password ... Critical Unreviewed

CVE-2018-12421 was published May 14, 2022

WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via... High Unreviewed

CVE-2014-6412 was published May 14, 2022

Instant Update CMS contains a Password Reset Vulnerability vulnerability in /iu-application... Critical Unreviewed

CVE-2018-1000501 was published May 14, 2022

In order to perform actions that requires higher privileges, the Quest KACE System Management... High Unreviewed

CVE-2018-11134 was published May 14, 2022

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that... Critical Unreviewed

CVE-2022-37300 was published Sep 13, 2022

CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data... Critical Unreviewed

CVE-2018-10081 was published May 14, 2022

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Enumeration of users is... Moderate Unreviewed

CVE-2018-10210 was published May 14, 2022

In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an authenticated user is able... High Unreviewed

CVE-2017-8916 was published May 14, 2022

gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that... Critical Unreviewed

CVE-2017-17097 was published May 14, 2022

WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which... Moderate Unreviewed

CVE-2017-8295 was published May 17, 2022

ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote... High Unreviewed

CVE-2015-7257 was published May 17, 2022

An issue was discovered in Delta RM 1.2. It is possible to request a new password for any other... Moderate Unreviewed

CVE-2021-44839 was published Jan 19, 2022

Previous 1 2 3 4 5 6 7 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

162 advisories