Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,780
Erlang
36
GitHub Actions
29
Go
2,338
Maven
5,000+
npm
3,973
NuGet
715
pip
3,769
Pub
12
RubyGems
923
Rust
976
Swift
38
Unreviewed advisories
All unreviewed
5,000+

176 advisories

Loading
** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for... High Unreviewed
CVE-2018-17401 was published May 14, 2022
On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 SetPasswdSettings... Critical Unreviewed
CVE-2018-17881 was published May 14, 2022
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon... Critical Unreviewed
CVE-2018-7809 was published May 14, 2022
An issue was discovered in Enalean Tuleap before 10.5. Reset password links are not invalidated... Critical Unreviewed
CVE-2018-17298 was published May 14, 2022
OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows... High Unreviewed
CVE-2018-0696 was published May 14, 2022
Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to reset... Critical Unreviewed
CVE-2015-4689 was published May 14, 2022
The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the... Critical Unreviewed
CVE-2018-19488 was published May 14, 2022
Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak... High Unreviewed
CVE-2018-1000812 was published May 14, 2022
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon... Critical Unreviewed
CVE-2018-7811 was published May 13, 2022
Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change... Moderate Unreviewed
CVE-2018-12315 was published May 13, 2022
Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to... High Unreviewed
CVE-2017-8613 was published May 13, 2022
When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to... Moderate Unreviewed
CVE-2017-2614 was published May 13, 2022
In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, all versions starting from... Moderate Unreviewed
CVE-2021-39919 was published Dec 14, 2021
Team Password Manager (aka TeamPasswordManager) before 10.135.236 allows password-reset poisoning. High Unreviewed
CVE-2021-44037 was published Nov 20, 2021
Malicious password-reset in Akaunting High
CVE-2021-36804 was published for akaunting/akaunting (Composer) Sep 1, 2021
Weak Password Recovery Mechanism for Forgotten Password High
CVE-2021-25957 was published for dolibarr/dolibarr (Composer) Sep 2, 2021
Missing password verification in the web interface on Gigaset Maxwell Basic VoIP phones with... Critical Unreviewed
CVE-2018-18871 was published May 13, 2022
Improper account password reset in Craft CMS High
CVE-2022-29933 was published for craftcms/cms (Composer) May 10, 2022
An issue was discovered in BACKCLICK Professional 5.9.63. Due to insecure design or lack of... Critical Unreviewed
CVE-2022-44004 was published Nov 17, 2022
In “SuiteCRM” application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to... High Unreviewed
CVE-2021-25961 was published May 24, 2022
In all versions of GitLab CE/EE, an attacker with physical access to a user’s machine may brute... Moderate Unreviewed
CVE-2021-39899 was published May 24, 2022
An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application... High Unreviewed
CVE-2016-8716 was published May 13, 2022
A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. The... Critical Unreviewed
CVE-2018-16529 was published Apr 30, 2022
Malicious attacker is able to find out valid user logins by using the "lost password" feature.... Moderate Unreviewed
CVE-2021-36095 was published May 24, 2022
In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset. Critical Unreviewed
CVE-2021-36209 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database