GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
34 advisories
In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, all versions starting from...
Moderate | Unreviewed | CVE-2021-39919 was published Dec 14, 2021

An issue was discovered in Delta RM 1.2. It is possible to request a new password for any other...
Moderate | Unreviewed | CVE-2021-44839 was published Jan 19, 2022

When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to...
Moderate | Unreviewed | CVE-2017-2614 was published May 13, 2022

Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change...
Moderate | Unreviewed | CVE-2018-12315 was published May 13, 2022

An issue was discovered in Mahara before 18.10.0. It mishandled user requests that could...
Moderate | Unreviewed | CVE-2017-1000141 was published May 14, 2022

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Enumeration of users is...
Moderate | Unreviewed | CVE-2018-10210 was published May 14, 2022

WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which...
Moderate | Unreviewed | CVE-2017-8295 was published May 17, 2022

The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049...
Moderate | Unreviewed | CVE-2016-5997 was published May 17, 2022

An issue was discovered in GLPI before 9.4.1. After a successful password reset by a user, it is...
Moderate | Unreviewed | CVE-2019-13240 was published May 24, 2022

In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to...
Moderate | Unreviewed | CVE-2019-14955 was published May 24, 2022

SITOS six Build v6.2.1 allows a user to change their password and recovery email address without...
Moderate | Unreviewed | CVE-2019-15749 was published May 24, 2022

An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password feature allows users to...
Moderate | Unreviewed | CVE-2020-14016 was published May 24, 2022

In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is...
Moderate | Unreviewed | CVE-2020-5899 was published May 24, 2022

Malicious attacker is able to find out valid user logins by using the "lost password" feature....
Moderate | Unreviewed | CVE-2021-36095 was published May 24, 2022

In all versions of GitLab CE/EE, an attacker with physical access to a user’s machine may brute...
Moderate | Unreviewed | CVE-2021-39899 was published May 24, 2022

An attacker can access to "Forgot my password" button, as soon as he puts users is valid in the...
Moderate | Unreviewed | CVE-2022-23172 was published Jul 7, 2022

An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers...
Moderate | Unreviewed | CVE-2022-34530 was published Aug 2, 2022

In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature...
Moderate | Unreviewed | CVE-2022-30332 was published Jan 10, 2023

An issue in Mobicint Backend for Credit Unions v3 allows attackers to retrieve partial email...
Moderate | Unreviewed | CVE-2021-36436 was published Apr 20, 2023

A vulnerability was found in ningzichun Student Management System 1.0. It has been rated as...
Moderate | Unreviewed | CVE-2023-3007 was published May 31, 2023

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura...
Moderate | Unreviewed | CVE-2022-42807 was published Jun 23, 2023

This issue was addressed with improved state management. This issue is fixed in iOS 16.5 and...
Moderate | Unreviewed | CVE-2023-28202 was published Jun 23, 2023

Weintek Weincloud v0.13.6 could allow an attacker to reset a password with the corresponding...
Moderate | Unreviewed | CVE-2023-35134 was published Jul 20, 2023

A vulnerability was found in OpenRapid RapidCMS 1.3.1 and classified as critical. This issue...
Moderate | Unreviewed | CVE-2023-4448 was published Aug 21, 2023

A vulnerability was found in Xinhu RockOA 1.1/2.3.2/15.X3amdi and classified as problematic....
Moderate | Unreviewed | CVE-2023-5296 was published Sep 30, 2023
ProTip! Advisories are also available from the GraphQL API.