GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
59 advisories
Filter by severity
An Access Control vulnerability exists in ATutor 2.2.4 in password_reminder.php when the g, id, h...
High
Unreviewed
CVE-2021-43498
was published
Apr 9, 2022
Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset...
High
Unreviewed
CVE-2016-2349
was published
May 17, 2022
A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows...
High
Unreviewed
CVE-2017-7731
was published
May 17, 2022
QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function.
High
Unreviewed
CVE-2017-7629
was published
May 17, 2022
The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049...
High
Unreviewed
CVE-2016-5996
was published
May 17, 2022
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an...
High
Unreviewed
CVE-2017-7615
was published
May 13, 2022
In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), a user's...
High
Unreviewed
CVE-2020-12067
was published
Dec 26, 2022
ClickStudios Passwordstate Password Reset Portal prior to build 8501 is affected by an...
High
Unreviewed
CVE-2020-26061
was published
May 24, 2022
Immuta v2.8.2 is affected by one instance of insecure permissions that can lead to user account...
High
Unreviewed
CVE-2020-15949
was published
May 24, 2022
Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability...
High
Unreviewed
CVE-2020-5361
was published
May 24, 2022
Certain NETGEAR devices are affected by password reset by an unauthenticated attacker. This...
High
Unreviewed
CVE-2021-29080
was published
May 24, 2022
Email Injection in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to abuse the...
High
Unreviewed
CVE-2020-28186
was published
May 24, 2022
In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a...
High
Unreviewed
CVE-2021-31912
was published
May 24, 2022
Insecure default configuration in Liferay Portal 6.2.3 through 7.3.2, and Liferay DXP before 7.3,...
High
Unreviewed
CVE-2021-33321
was published
May 24, 2022
In ProLink PRC2402M V1.0.18 and older, the set_sys_init function in the login.cgi binary allows...
High
Unreviewed
CVE-2021-36708
was published
May 24, 2022
An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application...
High
Unreviewed
CVE-2016-8716
was published
May 13, 2022
In “SuiteCRM” application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to...
High
Unreviewed
CVE-2021-25961
was published
May 24, 2022
The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers...
High
Unreviewed
CVE-2022-25027
was published
Jan 13, 2023
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to...
High
Unreviewed
CVE-2017-9543
was published
May 13, 2022
Team Password Manager (aka TeamPasswordManager) before 10.135.236 allows password-reset poisoning.
High
Unreviewed
CVE-2021-44037
was published
Nov 20, 2021
Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM)...
High
Unreviewed
CVE-2018-8916
was published
May 13, 2022
An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web...
High
Unreviewed
CVE-2017-14005
was published
May 13, 2022
Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to...
High
Unreviewed
CVE-2017-8613
was published
May 13, 2022
Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak...
High
Unreviewed
CVE-2018-1000812
was published
May 14, 2022
OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows...
High
Unreviewed
CVE-2018-0696
was published
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API