Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,779
Erlang
36
GitHub Actions
29
Go
2,338
Maven
5,000+
npm
3,972
NuGet
714
pip
3,769
Pub
12
RubyGems
923
Rust
976
Swift
38
Unreviewed advisories
All unreviewed
5,000+

176 advisories

Loading
Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM)... High Unreviewed
CVE-2018-8916 was published May 13, 2022
A vulnerability, which was classified as critical, has been found in YunzMall up to 2.4.2. This... Moderate Unreviewed
CVE-2025-0331 was published Jan 9, 2025
The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in... Critical Unreviewed
CVE-2024-11350 was published Jan 8, 2025
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16... Critical Unreviewed
CVE-2023-7028 was published Jan 12, 2024
Keycloak Denial of Service via account lockout Low
CVE-2024-1722 was published for org.keycloak:keycloak-services (Maven) Jun 12, 2024
Chetven
CrushFTP 10 before 10.8.3 and 11 before 11.2.3 mishandles password reset, leading to account... Critical Unreviewed
CVE-2024-53552 was published Dec 10, 2024
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura... Moderate Unreviewed
CVE-2022-42807 was published Jun 23, 2023
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a weak mechanism for... Critical Unreviewed
CVE-2024-47547 was published Dec 6, 2024
This issue was addressed with improved state management. This issue is fixed in iOS 16.5 and... Moderate Unreviewed
CVE-2023-28202 was published Jun 23, 2023
The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account... Critical Unreviewed
CVE-2024-11103 was published Nov 28, 2024
The password reset function in ILIAS 7.0_beta1 through 7.20 and 8.0_beta1 through 8.1 allows... Critical Unreviewed
CVE-2023-36487 was published Jun 29, 2023
The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable... High Unreviewed
CVE-2023-29145 was published Jun 30, 2023
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in... Critical Unreviewed
CVE-2021-22763 was published May 24, 2022
Liferay Portal 7.2.0 through 7.3.5, and older unsupported versions, and Liferay DXP 7.3 before... Moderate Unreviewed
CVE-2021-29038 was published Feb 21, 2024
An issue in Olive VLE allows an attacker to obtain sensitive information via the reset password... Critical Unreviewed
CVE-2024-48428 was published Oct 25, 2024
IBM Security SOAR 51.0.1.0 and earlier contains a mechanism for users to recover or change their... Moderate Unreviewed
CVE-2024-45670 was published Nov 14, 2024
The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is... High Unreviewed
CVE-2024-9302 was published Oct 25, 2024
The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation... High Unreviewed
CVE-2024-9305 was published Oct 16, 2024
A vulnerability classified as problematic was found in QileCMS up to 1.1.3. This vulnerability... Moderate Unreviewed
CVE-2024-9907 was published Oct 13, 2024
The password recovery mechanism for the forgotten password in Riello Netman 204 allows an... Critical Unreviewed
CVE-2024-8878 was published Sep 25, 2024
In SAP Commerce Cloud - versions HY_COM 1905, HY_COM 2005, HY_COM2105, HY_COM 2011, HY_COM 2205,... High Unreviewed
CVE-2023-42481 was published Dec 12, 2023
A host header injection vulnerability in MEANStore 1.0 allows attackers to obtain the password... High Unreviewed
CVE-2024-45980 was published Sep 26, 2024
Indico Tampering with links (e.g. password reset) in sent emails High
CVE-2021-30185 was published for indico (pip) Apr 8, 2021
Django Potential account hijack via password reset form Critical
CVE-2019-19844 was published for Django (pip) Jan 16, 2020
A vulnerability classified as critical was found in TDuckCloud TDuckPro up to 6.3. Affected by... Moderate Unreviewed
CVE-2024-8692 was published Sep 11, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database