GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
59 advisories
Filter by severity
Team Password Manager (aka TeamPasswordManager) before 10.135.236 allows password-reset poisoning.
High
Unreviewed
CVE-2021-44037
was published
Nov 20, 2021
Forgotten password reset functionality for local accounts can be used to bypass local...
High
Unreviewed
CVE-2021-27654
was published
Jan 29, 2022
An Access Control vulnerability exists in ATutor 2.2.4 in password_reminder.php when the g, id, h...
High
Unreviewed
CVE-2021-43498
was published
Apr 9, 2022
An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application...
High
Unreviewed
CVE-2016-8716
was published
May 13, 2022
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to...
High
Unreviewed
CVE-2017-9543
was published
May 13, 2022
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an...
High
Unreviewed
CVE-2017-7615
was published
May 13, 2022
Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM)...
High
Unreviewed
CVE-2018-8916
was published
May 13, 2022
An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web...
High
Unreviewed
CVE-2017-14005
was published
May 13, 2022
Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to...
High
Unreviewed
CVE-2017-8613
was published
May 13, 2022
Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak...
High
Unreviewed
CVE-2018-1000812
was published
May 14, 2022
OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows...
High
Unreviewed
CVE-2018-0696
was published
May 14, 2022
** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for...
High
Unreviewed
CVE-2018-17401
was published
May 14, 2022
An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6...
High
Unreviewed
CVE-2018-12579
was published
May 14, 2022
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an...
High
Unreviewed
CVE-2017-0921
was published
May 14, 2022
In order to perform actions that requires higher privileges, the Quest KACE System Management...
High
Unreviewed
CVE-2018-11134
was published
May 14, 2022
WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via...
High
Unreviewed
CVE-2014-6412
was published
May 14, 2022
In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an authenticated user is able...
High
Unreviewed
CVE-2017-8916
was published
May 14, 2022
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote...
High
Unreviewed
CVE-2015-7257
was published
May 17, 2022
An authenticated standard user could reset the password of the admin by altering form data....
High
Unreviewed
CVE-2017-12851
was published
May 17, 2022
An authenticated standard user could reset the password of other users (including the admin) by...
High
Unreviewed
CVE-2017-12850
was published
May 17, 2022
Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset...
High
Unreviewed
CVE-2016-2349
was published
May 17, 2022
QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function.
High
Unreviewed
CVE-2017-7629
was published
May 17, 2022
A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows...
High
Unreviewed
CVE-2017-7731
was published
May 17, 2022
The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049...
High
Unreviewed
CVE-2016-5996
was published
May 17, 2022
An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. When the administrator password is...
High
Unreviewed
CVE-2019-11414
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API