Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,779
Erlang
36
GitHub Actions
29
Go
2,338
Maven
5,000+
npm
3,972
NuGet
714
pip
3,769
Pub
12
RubyGems
923
Rust
976
Swift
38
Unreviewed advisories
All unreviewed
5,000+

176 advisories

Loading
TTLock devices do not properly restrict password-reset attempts, leading to incorrect access... High Unreviewed
CVE-2019-12943 was published May 24, 2022
An issue was discovered in GLPI before 9.4.1. After a successful password reset by a user, it is... Moderate Unreviewed
CVE-2019-13240 was published May 24, 2022
An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass (account takeover)... Critical Unreviewed
CVE-2018-16988 was published May 24, 2022
An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. When the administrator password is... High Unreviewed
CVE-2019-11414 was published May 24, 2022
An issue was discovered in /admin/users/update in M/Monit before 3.7.3. It allows unprivileged... Critical Unreviewed
CVE-2019-11393 was published May 24, 2022
ZPanel 10.0.1 has insufficient entropy for its password reset process. Critical Unreviewed
CVE-2012-5686 was published Apr 23, 2022
Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contain a weak password recovery... High Unreviewed
CVE-2024-24903 was published Mar 1, 2024
Cloud Foundry Runtime has Weak Password Recovery Mechanism for Forgotten Password Critical
CVE-2015-5172 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
Cloud Foundry Runtime has Weak Password Recovery Mechanism for Forgotten Password Low
CVE-2015-3189 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password... High Unreviewed
CVE-2024-22454 was published Feb 13, 2024
Craft CMS possibility of brute force attempts Critical
CVE-2019-15929 was published for craftcms/cms (Composer) May 24, 2022
A vulnerability classified as problematic has been found in Huaxia ERP up to 3.1. Affected is an... Moderate Unreviewed
CVE-2024-0491 was published Jan 13, 2024
WWBN AVideo recovery notification bypass vulnerability Moderate
CVE-2023-50172 was published for wwbn/avideo (Composer) Jan 10, 2024
A vulnerability classified as critical was found in ForU CMS up to 2020-06-23. This vulnerability... Moderate Unreviewed
CVE-2024-0425 was published Jan 11, 2024
An insufficient entropy vulnerability exists in the userRecoverPass.php recoverPass generation... High Unreviewed
CVE-2023-49589 was published Jan 10, 2024
A vulnerability classified as problematic has been found in HuiRan Host Reseller System up to 2.0... Low Unreviewed
CVE-2024-0186 was published Jan 2, 2024
ZITADEL Account Takeover via Malicious Host Header Injection High
CVE-2023-49097 was published for github.com/zitadel/zitadel (Go) Nov 29, 2023
eliobischof livio-a
amit-laish
The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up... High Unreviewed
CVE-2023-4214 was published Nov 18, 2023
A vulnerability was found in OpenRapid RapidCMS 1.3.1 and classified as critical. This issue... Moderate Unreviewed
CVE-2023-4448 was published Aug 21, 2023
A vulnerability was found in Xinhu RockOA 1.1/2.3.2/15.X3amdi and classified as problematic.... Moderate Unreviewed
CVE-2023-5296 was published Sep 30, 2023
Weak Password Recovery Mechanism for Forgotten Password in GitHub repository linkstackorg... Moderate Unreviewed
CVE-2023-5840 was published Oct 29, 2023
ZITADEL's password reset does not respect the "Ignoring unknown usernames" setting Moderate
CVE-2023-44399 was published for github.com/zitadel/zitadel (Go) Oct 10, 2023
hoseph livio-a
fforootd adlerhurst
A vulnerability was found in ningzichun Student Management System 1.0. It has been rated as... Moderate Unreviewed
CVE-2023-3007 was published May 31, 2023
Weak Password Recovery Mechanism for Forgotten Password in Strapi High
CVE-2021-28128 was published for strapi (npm) Oct 6, 2021
AMI Megarac Password reset interception via API High Unreviewed
CVE-2022-26872 was published Jan 30, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database