GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
162 advisories
Filter by severity
CrushFTP 10 before 10.8.3 and 11 before 11.2.3 mishandles password reset, leading to account...
Critical
Unreviewed
CVE-2024-53552
was published
Dec 10, 2024
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a weak mechanism for...
Critical
Unreviewed
CVE-2024-47547
was published
Dec 6, 2024
The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account...
Critical
Unreviewed
CVE-2024-11103
was published
Nov 28, 2024
IBM Security SOAR 51.0.1.0 and earlier contains a mechanism for users to recover or change their...
Moderate
Unreviewed
CVE-2024-45670
was published
Nov 14, 2024
An issue in Olive VLE allows an attacker to obtain sensitive information via the reset password...
Critical
Unreviewed
CVE-2024-48428
was published
Oct 25, 2024
The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is...
High
Unreviewed
CVE-2024-9302
was published
Oct 25, 2024
The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation...
High
Unreviewed
CVE-2024-9305
was published
Oct 16, 2024
A vulnerability classified as problematic was found in QileCMS up to 1.1.3. This vulnerability...
Moderate
Unreviewed
CVE-2024-9907
was published
Oct 13, 2024
A host header injection vulnerability in MEANStore 1.0 allows attackers to obtain the password...
High
Unreviewed
CVE-2024-45980
was published
Sep 26, 2024
The password recovery mechanism for the forgotten password in Riello Netman 204 allows an...
Critical
Unreviewed
CVE-2024-8878
was published
Sep 25, 2024
A vulnerability classified as critical was found in TDuckCloud TDuckPro up to 6.3. Affected by...
Moderate
Unreviewed
CVE-2024-8692
was published
Sep 11, 2024
A host header injection vulnerability in Staff Appraisal System v1.0 allows attackers to obtain...
High
Unreviewed
CVE-2024-42915
was published
Aug 23, 2024
HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability....
High
Unreviewed
CVE-2024-6203
was published
Aug 6, 2024
Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized password resets via the...
Critical
Unreviewed
CVE-2024-38468
was published
Jun 16, 2024
Keycloak Denial of Service via account lockout
Low
CVE-2024-1722
was published
for
org.keycloak:keycloak-services
(Maven)
Jun 12, 2024
In lunary-ai/lunary version 1.2.4, a vulnerability exists in the password recovery mechanism...
Moderate
Unreviewed
CVE-2024-5277
was published
Jun 6, 2024
An unauthenticated remote attacker can change the admin password in a moneo appliance due to weak...
Critical
Unreviewed
CVE-2024-5404
was published
Jun 3, 2024
TP-Link Tapo C210 Password Recovery Authentication Bypass Vulnerability. This vulnerability...
High
Unreviewed
CVE-2023-35717
was published
May 3, 2024
Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does...
High
Unreviewed
CVE-2024-27899
was published
Apr 9, 2024
Weak password recovery mechanism in CDeX application allows to retrieve password reset token.This...
High
Unreviewed
CVE-2024-2463
was published
Mar 21, 2024
Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contain a weak password recovery...
High
Unreviewed
CVE-2024-24903
was published
Mar 1, 2024
Liferay Portal 7.2.0 through 7.3.5, and older unsupported versions, and Liferay DXP 7.3 before...
Moderate
Unreviewed
CVE-2021-29038
was published
Feb 21, 2024
Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password...
High
Unreviewed
CVE-2024-22454
was published
Feb 13, 2024
A vulnerability classified as problematic has been found in Huaxia ERP up to 3.1. Affected is an...
Moderate
Unreviewed
CVE-2024-0491
was published
Jan 13, 2024
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16...
Critical
Unreviewed
CVE-2023-7028
was published
Jan 12, 2024
ProTip!
Advisories are also available from the
GraphQL API