GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
59 advisories
Filter by severity
The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable...
High
Unreviewed
CVE-2023-29145
was published
Jun 30, 2023
The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is...
High
Unreviewed
CVE-2024-9302
was published
Oct 25, 2024
The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation...
High
Unreviewed
CVE-2024-9305
was published
Oct 16, 2024
In SAP Commerce Cloud - versions HY_COM 1905, HY_COM 2005, HY_COM2105, HY_COM 2011, HY_COM 2205,...
High
Unreviewed
CVE-2023-42481
was published
Dec 12, 2023
A host header injection vulnerability in MEANStore 1.0 allows attackers to obtain the password...
High
Unreviewed
CVE-2024-45980
was published
Sep 26, 2024
A host header injection vulnerability in Staff Appraisal System v1.0 allows attackers to obtain...
High
Unreviewed
CVE-2024-42915
was published
Aug 23, 2024
HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability....
High
Unreviewed
CVE-2024-6203
was published
Aug 6, 2024
Weak password recovery mechanism in CDeX application allows to retrieve password reset token.This...
High
Unreviewed
CVE-2024-2463
was published
Mar 21, 2024
TP-Link Tapo C210 Password Recovery Authentication Bypass Vulnerability. This vulnerability...
High
Unreviewed
CVE-2023-35717
was published
May 3, 2024
Weak password recovery mechanism vulnerability in Fujitsu Arconte Áurea version 1.5.0.0, which...
High
Unreviewed
CVE-2023-4096
was published
Sep 19, 2023
Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does...
High
Unreviewed
CVE-2024-27899
was published
Apr 9, 2024
Soar Cloud Ltd. HR Portal has a weak Password Recovery Mechanism for Forgotten Password. The...
High
Unreviewed
CVE-2023-34357
was published
Sep 7, 2023
Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in...
High
Unreviewed
CVE-2023-3222
was published
Sep 4, 2023
D-Link DIR-823G firmware version 1.02B05 has a password reset vulnerability, which originates...
High
Unreviewed
CVE-2023-26615
was published
Jun 28, 2023
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6...
High
Unreviewed
CVE-2023-31459
was published
May 24, 2023
TTLock devices do not properly restrict password-reset attempts, leading to incorrect access...
High
Unreviewed
CVE-2019-12943
was published
May 24, 2022
An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. When the administrator password is...
High
Unreviewed
CVE-2019-11414
was published
May 24, 2022
Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contain a weak password recovery...
High
Unreviewed
CVE-2024-24903
was published
Mar 1, 2024
Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password...
High
Unreviewed
CVE-2024-22454
was published
Feb 13, 2024
An insufficient entropy vulnerability exists in the userRecoverPass.php recoverPass generation...
High
Unreviewed
CVE-2023-49589
was published
Jan 10, 2024
The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up...
High
Unreviewed
CVE-2023-4214
was published
Nov 18, 2023
AMI Megarac Password reset interception via API
High
Unreviewed
CVE-2022-26872
was published
Jan 30, 2023
An arbitrary password reset issue was discovered in the Ultimate Member plugin 2.39 for WordPress...
High
Unreviewed
CVE-2019-10270
was published
May 24, 2022
A vulnerability was found in gitter-badger ezpublish-modern-legacy. It has been rated as...
High
Unreviewed
CVE-2015-10071
was published
Jan 19, 2023
An authenticated standard user could reset the password of the admin by altering form data....
High
Unreviewed
CVE-2017-12851
was published
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API