Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

138 advisories

Loading
Team Password Manager (aka TeamPasswordManager) before 10.135.236 allows password-reset poisoning. High Unreviewed
CVE-2021-44037 was published Nov 20, 2021
An Incorrect Access Control vulnerability exists in Premiumdatingscript 4.2.7.7 via the password... Critical Unreviewed
CVE-2021-41694 was published Dec 10, 2021
In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, all versions starting from... Moderate Unreviewed
CVE-2021-39919 was published Dec 14, 2021
An issue was discovered in Delta RM 1.2. It is possible to request a new password for any other... Moderate Unreviewed
CVE-2021-44839 was published Jan 19, 2022
Forgotten password reset functionality for local accounts can be used to bypass local... High Unreviewed
CVE-2021-27654 was published Jan 29, 2022
A vulnerability was found in Automatic Question Paper Generator 1.0. It has been declared as... Critical Unreviewed
CVE-2022-1073 was published Mar 30, 2022
An Access Control vulnerability exists in ATutor 2.2.4 in password_reminder.php when the g, id, h... High Unreviewed
CVE-2021-43498 was published Apr 9, 2022
pearweb < 1.32 is suffers from a Weak Password Recovery Mechanism via include/users... Critical Unreviewed
CVE-2022-27157 was published Apr 16, 2022
ZPanel 10.0.1 has insufficient entropy for its password reset process. Critical Unreviewed
CVE-2012-5686 was published Apr 23, 2022
A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. The... Critical Unreviewed
CVE-2018-16529 was published Apr 30, 2022
An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application... High Unreviewed
CVE-2016-8716 was published May 13, 2022
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to... High Unreviewed
CVE-2017-9543 was published May 13, 2022
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an... High Unreviewed
CVE-2017-7615 was published May 13, 2022
Missing password verification in the web interface on Gigaset Maxwell Basic VoIP phones with... Critical Unreviewed
CVE-2018-18871 was published May 13, 2022
Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM)... High Unreviewed
CVE-2018-8916 was published May 13, 2022
When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to... Moderate Unreviewed
CVE-2017-2614 was published May 13, 2022
An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web... High Unreviewed
CVE-2017-14005 was published May 13, 2022
Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to... High Unreviewed
CVE-2017-8613 was published May 13, 2022
Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change... Moderate Unreviewed
CVE-2018-12315 was published May 13, 2022
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon... Critical Unreviewed
CVE-2018-7811 was published May 13, 2022
Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak... High Unreviewed
CVE-2018-1000812 was published May 14, 2022
The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the... Critical Unreviewed
CVE-2018-19488 was published May 14, 2022
Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to reset... Critical Unreviewed
CVE-2015-4689 was published May 14, 2022
OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows... High Unreviewed
CVE-2018-0696 was published May 14, 2022
An issue was discovered in Enalean Tuleap before 10.5. Reset password links are not invalidated... Critical Unreviewed
CVE-2018-17298 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database