GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
44 advisories
A vulnerability was found in Automatic Question Paper Generator 1.0. It has been declared as...
Critical | Unreviewed | CVE-2022-1073 was published Mar 30, 2022

pearweb < 1.32 suffers from a Weak Password Recovery Mechanism via include/users...
Critical | Unreviewed | CVE-2022-27157 was published Apr 16, 2022

EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom...
Critical | Unreviewed | CVE-2017-2766 was published May 17, 2022

In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated remote attacker can reset the...
Critical | Unreviewed | CVE-2022-3485 was published Dec 12, 2022

konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by...
Critical | Unreviewed | CVE-2020-27179 was published May 24, 2022

Weak Password Recovery Mechanism for Forgotten Password vulnerability exists on Modicon Managed...
Critical | Unreviewed | CVE-2021-22731 was published May 24, 2022

Seceon aiSIEM before 6.3.2 (build 585) is prone to an unauthenticated account takeover...
Critical | Unreviewed | CVE-2021-28293 was published May 24, 2022

Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 with firmware version <1.13...
Critical | Unreviewed | CVE-2022-47377 was published Dec 21, 2022

In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset.
Critical | Unreviewed | CVE-2021-36209 was published May 24, 2022

A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. The...
Critical | Unreviewed | CVE-2018-16529 was published Apr 30, 2022

An issue was discovered in BACKCLICK Professional 5.9.63. Due to insecure design or lack of...
Critical | Unreviewed | CVE-2022-44004 was published Nov 17, 2022

Missing password verification in the web interface on Gigaset Maxwell Basic VoIP phones with...
Critical | Unreviewed | CVE-2018-18871 was published May 13, 2022

An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon...
Critical | Unreviewed | CVE-2018-7811 was published May 13, 2022

The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the...
Critical | Unreviewed | CVE-2018-19488 was published May 14, 2022

Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to reset...
Critical | Unreviewed | CVE-2015-4689 was published May 14, 2022

An issue was discovered in Enalean Tuleap before 10.5. Reset password links are not invalidated...
Critical | Unreviewed | CVE-2018-17298 was published May 14, 2022

An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon...
Critical | Unreviewed | CVE-2018-7809 was published May 14, 2022

On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 SetPasswdSettings...
Critical | Unreviewed | CVE-2018-17881 was published May 14, 2022

Trovebox version <= 4.0.0-rc6 contains an Unsafe password reset token generation vulnerability in...
Critical | Unreviewed | CVE-2018-1000554 was published May 14, 2022

LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password ...
Critical | Unreviewed | CVE-2018-12421 was published May 14, 2022

Instant Update CMS contains a Password Reset Vulnerability in /iu-application...
Critical | Unreviewed | CVE-2018-1000501 was published May 14, 2022

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that...
Critical | Unreviewed | CVE-2022-37300 was published Sep 13, 2022

CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data...
Critical | Unreviewed | CVE-2018-10081 was published May 14, 2022

gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that...
Critical | Unreviewed | CVE-2017-17097 was published May 14, 2022

An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A...
Critical | Unreviewed | CVE-2022-45782 was published Feb 2, 2023
ProTip! Advisories are also available from the GraphQL API.