Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

44 advisories

Loading
CrushFTP 10 before 10.8.3 and 11 before 11.2.3 mishandles password reset, leading to account... Critical Unreviewed
CVE-2024-53552 was published Dec 10, 2024
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a weak mechanism for... Critical Unreviewed
CVE-2024-47547 was published Dec 6, 2024
The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account... Critical Unreviewed
CVE-2024-11103 was published Nov 28, 2024
An issue in Olive VLE allows an attacker to obtain sensitive information via the reset password... Critical Unreviewed
CVE-2024-48428 was published Oct 25, 2024
The password recovery mechanism for the forgotten password in Riello Netman 204 allows an... Critical Unreviewed
CVE-2024-8878 was published Sep 25, 2024
Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized password resets via the... Critical Unreviewed
CVE-2024-38468 was published Jun 16, 2024
An unauthenticated remote attacker can change the admin password in a moneo appliance due to weak... Critical Unreviewed
CVE-2024-5404 was published Jun 3, 2024
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16... Critical Unreviewed
CVE-2023-7028 was published Jan 12, 2024
The password reset function in ILIAS 7.0_beta1 through 7.20 and 8.0_beta1 through 8.1 allows... Critical Unreviewed
CVE-2023-36487 was published Jun 29, 2023
This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS... Critical Unreviewed
CVE-2023-30466 was published Apr 28, 2023
An insecure password reset issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android... Critical Unreviewed
CVE-2022-45637 was published Mar 21, 2023
The Akuvox E11 password recovery webpage can be accessed without authentication, and an attacker... Critical Unreviewed
CVE-2023-0352 was published Mar 13, 2023
An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A... Critical Unreviewed
CVE-2022-45782 was published Feb 2, 2023
Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 with firmware version <1.13... Critical Unreviewed
CVE-2022-47377 was published Dec 21, 2022
In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated remote attacker can reset the... Critical Unreviewed
CVE-2022-3485 was published Dec 12, 2022
An issue was discovered in BACKCLICK Professional 5.9.63. Due to insecure design or lack of... Critical Unreviewed
CVE-2022-44004 was published Nov 17, 2022
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that... Critical Unreviewed
CVE-2022-37300 was published Sep 13, 2022
In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset. Critical Unreviewed
CVE-2021-36209 was published May 24, 2022
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in... Critical Unreviewed
CVE-2021-22763 was published May 24, 2022
Seceon aiSIEM before 6.3.2 (build 585) is prone to an unauthenticated account takeover... Critical Unreviewed
CVE-2021-28293 was published May 24, 2022
Weak Password Recovery Mechanism for Forgotten Password vulnerability exists on Modicon Managed... Critical Unreviewed
CVE-2021-22731 was published May 24, 2022
The default setting of MISP 2.4.136 did not enable the requirements (aka... Critical Unreviewed
CVE-2021-25323 was published May 24, 2022
konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by... Critical Unreviewed
CVE-2020-27179 was published May 24, 2022
An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass (account takeover)... Critical Unreviewed
CVE-2018-16988 was published May 24, 2022
An issue was discovered in /admin/users/update in M/Monit before 3.7.3. It allows unprivileged... Critical Unreviewed
CVE-2019-11393 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database