GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
44 advisories
Filter by severity
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16...
Critical
Unreviewed
CVE-2023-7028
was published
Jan 12, 2024
CrushFTP 10 before 10.8.3 and 11 before 11.2.3 mishandles password reset, leading to account...
Critical
Unreviewed
CVE-2024-53552
was published
Dec 10, 2024
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a weak mechanism for...
Critical
Unreviewed
CVE-2024-47547
was published
Dec 6, 2024
The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account...
Critical
Unreviewed
CVE-2024-11103
was published
Nov 28, 2024
The password reset function in ILIAS 7.0_beta1 through 7.20 and 8.0_beta1 through 8.1 allows...
Critical
Unreviewed
CVE-2023-36487
was published
Jun 29, 2023
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in...
Critical
Unreviewed
CVE-2021-22763
was published
May 24, 2022
An issue in Olive VLE allows an attacker to obtain sensitive information via the reset password...
Critical
Unreviewed
CVE-2024-48428
was published
Oct 25, 2024
The password recovery mechanism for the forgotten password in Riello Netman 204 allows an...
Critical
Unreviewed
CVE-2024-8878
was published
Sep 25, 2024
Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized password resets via the...
Critical
Unreviewed
CVE-2024-38468
was published
Jun 16, 2024
An unauthenticated remote attacker can change the admin password in a moneo appliance due to weak...
Critical
Unreviewed
CVE-2024-5404
was published
Jun 3, 2024
This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS...
Critical
Unreviewed
CVE-2023-30466
was published
Apr 28, 2023
The default setting of MISP 2.4.136 did not enable the requirements (aka...
Critical
Unreviewed
CVE-2021-25323
was published
May 24, 2022
An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass (account takeover)...
Critical
Unreviewed
CVE-2018-16988
was published
May 24, 2022
An issue was discovered in /admin/users/update in M/Monit before 3.7.3. It allows unprivileged...
Critical
Unreviewed
CVE-2019-11393
was published
May 24, 2022
ZPanel 10.0.1 has insufficient entropy for its password reset process.
Critical
Unreviewed
CVE-2012-5686
was published
Apr 23, 2022
An Incorrect Access Control vulnerability exists in Premiumdatingscript 4.2.7.7 via the password...
Critical
Unreviewed
CVE-2021-41694
was published
Dec 10, 2021
An insecure password reset issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android...
Critical
Unreviewed
CVE-2022-45637
was published
Mar 21, 2023
The Akuvox E11 password recovery webpage can be accessed without authentication, and an attacker...
Critical
Unreviewed
CVE-2023-0352
was published
Mar 13, 2023
389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks...
Critical
Unreviewed
CVE-2017-7551
was published
May 14, 2022
An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A...
Critical
Unreviewed
CVE-2022-45782
was published
Feb 2, 2023
gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that...
Critical
Unreviewed
CVE-2017-17097
was published
May 14, 2022
CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data...
Critical
Unreviewed
CVE-2018-10081
was published
May 14, 2022
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that...
Critical
Unreviewed
CVE-2022-37300
was published
Sep 13, 2022
Instant Update CMS contains a Password Reset Vulnerability vulnerability in /iu-application...
Critical
Unreviewed
CVE-2018-1000501
was published
May 14, 2022
LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password ...
Critical
Unreviewed
CVE-2018-12421
was published
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API