Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,343
Erlang
31
GitHub Actions
22
Go
2,107
Maven
5,000+
npm
3,764
NuGet
679
pip
3,452
Pub
12
RubyGems
892
Rust
886
Swift
37
Unreviewed advisories
All unreviewed
5,000+

12 advisories

Loading
Multiple valid tokens for password reset in Shopware Moderate
CVE-2022-24892 was published for shopware/shopware (Composer) Apr 28, 2022
Improper account password reset in Craft CMS High
CVE-2022-29933 was published for craftcms/cms (Composer) May 10, 2022
Weak Password Recovery Mechanism for Forgotten Password High
CVE-2021-25957 was published for dolibarr/dolibarr (Composer) Sep 2, 2021
Malicious password-reset in Akaunting High
CVE-2021-36804 was published for akaunting/akaunting (Composer) Sep 1, 2021
Rate limit missing in microweber High
CVE-2022-0777 was published for microweber/microweber (Composer) Mar 2, 2022
WWBN AVideo recovery notification bypass vulnerability Moderate
CVE-2023-50172 was published for wwbn/avideo (Composer) Jan 10, 2024
Craft CMS possibility of brute force attempts Critical
CVE-2019-15929 was published for craftcms/cms (Composer) May 24, 2022
Moodle Weak Password Recovery Mechanism for Forgotten Password High
CVE-2016-7038 was published for moodle/moodle (Composer) May 13, 2022
Pagekit Weak Password Recovery Mechanism for Forgotten Password High
CVE-2017-5594 was published for pagekit/pagekit (Composer) May 13, 2022
Craft CMS subject to URL forgery Moderate
CVE-2017-8385 was published for craftcms/cms (Composer) May 17, 2022
Contao Does Not Invalidate Existing Sessions When Password Changes Critical
CVE-2019-10641 was published for contao/contao (Composer) May 14, 2022
Missing rate limit for password resets Moderate
CVE-2023-28821 was published for concrete5/concrete5 (Composer) Apr 28, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database