Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,778
Erlang
35
GitHub Actions
29
Go
2,332
Maven
5,000+
npm
3,966
NuGet
713
pip
3,759
Pub
12
RubyGems
921
Rust
975
Swift
38
Unreviewed advisories
All unreviewed
5,000+

176 advisories

Loading
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Enumeration of users is... Moderate Unreviewed
CVE-2018-10210 was published May 14, 2022
In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature... Moderate Unreviewed
CVE-2022-30332 was published Jan 10, 2023
Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gilblas Ngunte Possi PSW... Critical Unreviewed
CVE-2025-47646 was published May 23, 2025
MantisBT allows arbitrary password reset High
CVE-2017-7615 was published for mantisbt/mantisbt (Composer) May 13, 2022
An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web... High Unreviewed
CVE-2017-14005 was published May 13, 2022
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote... High Unreviewed
CVE-2015-7257 was published May 17, 2022
QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function. High Unreviewed
CVE-2017-7629 was published May 17, 2022
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to... High Unreviewed
CVE-2017-9543 was published May 13, 2022
WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which... Moderate Unreviewed
CVE-2017-8295 was published May 17, 2022
Weak Password Recovery Mechanism for Forgotten Password vulnerability in videowhisper Paid... Critical Unreviewed
CVE-2025-31380 was published Apr 17, 2025
Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 with firmware version <1.13... Critical Unreviewed
CVE-2022-47377 was published Dec 21, 2022
In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), a user's... High Unreviewed
CVE-2020-12067 was published Dec 26, 2022
The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers... High Unreviewed
CVE-2022-25027 was published Jan 13, 2023
This vulnerability allows remote attackers to reset the password of anonymous users without... Critical Unreviewed
CVE-2024-2862 was published Mar 25, 2024
Improper password reset in PAM Module in Devolutions Server 2024.3.10.0 and earlier allows an... Moderate Unreviewed
CVE-2025-1231 was published Feb 11, 2025
COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1... Critical Unreviewed
CVE-2022-47697 was published Jan 31, 2023
An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A... Critical Unreviewed
CVE-2022-45782 was published Feb 2, 2023
In Jitsi Meet before 9391, a logic flaw in password-protected Jitsi meetings (that make use of a... High Unreviewed
CVE-2024-33530 was published May 2, 2024
The BoomBox Theme Extensions plugin for WordPress is vulnerable to privilege escalation via... High Unreviewed
CVE-2024-12295 was published Mar 19, 2025
This vulnerability exists in the CAP back office application due to a weak password-reset... High Unreviewed
CVE-2025-29995 was published Mar 13, 2025
A vulnerability was found in PHPGurukul Online Library Management System 3.0. It has been... Low Unreviewed
CVE-2025-2093 was published Mar 8, 2025
The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for... High Unreviewed
CVE-2025-1570 was published Feb 28, 2025
The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak... High Unreviewed
CVE-2023-7264 was published Jun 11, 2024
Insufficient token expiration in Serenity High
CVE-2023-31287 was published for Serenity.Net.Core (NuGet) Apr 27, 2023
Missing rate limit for password resets Moderate
CVE-2023-28821 was published for concrete5/concrete5 (Composer) Apr 28, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database