GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
146 advisories
Filter by severity
Soar Cloud Ltd. HR Portal has a weak Password Recovery Mechanism for Forgotten Password. The...
High
Unreviewed
CVE-2023-34357
was published
Sep 7, 2023
Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in...
High
Unreviewed
CVE-2023-3222
was published
Sep 4, 2023
A vulnerability was found in OpenRapid RapidCMS 1.3.1 and classified as critical. This issue...
Moderate
Unreviewed
CVE-2023-4448
was published
Aug 21, 2023
Weintek Weincloud v0.13.6
could allow an attacker to reset a password with the corresponding...
Moderate
Unreviewed
CVE-2023-35134
was published
Jul 20, 2023
D-Link DIR-823G firmware version 1.02B05 has a password reset vulnerability, which originates...
High
Unreviewed
CVE-2023-26615
was published
Jun 28, 2023
A vulnerability was found in ningzichun Student Management System 1.0. It has been rated as...
Moderate
Unreviewed
CVE-2023-3007
was published
May 31, 2023
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6...
High
Unreviewed
CVE-2023-31459
was published
May 24, 2023
This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS...
Critical
Unreviewed
CVE-2023-30466
was published
Apr 28, 2023
Insufficient token expiration in Serenity
High
CVE-2023-31287
was published
for
Serenity.Net.Core
(NuGet)
Apr 27, 2023
An issue in Mobicint Backend for Credit Unions v3 allows attackers to retrieve partial email...
Moderate
Unreviewed
CVE-2021-36436
was published
Apr 20, 2023
An insecure password reset issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android...
Critical
Unreviewed
CVE-2022-45637
was published
Mar 21, 2023
The Akuvox E11 password recovery webpage can be accessed without authentication, and an attacker...
Critical
Unreviewed
CVE-2023-0352
was published
Mar 13, 2023
An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A...
Critical
Unreviewed
CVE-2022-45782
was published
Feb 2, 2023
AMI Megarac Password reset interception via API
High
Unreviewed
CVE-2022-26872
was published
Jan 30, 2023
A vulnerability was found in gitter-badger ezpublish-modern-legacy. It has been rated as...
High
Unreviewed
CVE-2015-10071
was published
Jan 19, 2023
The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers...
High
Unreviewed
CVE-2022-25027
was published
Jan 13, 2023
In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature...
Moderate
Unreviewed
CVE-2022-30332
was published
Jan 10, 2023
In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), a user's...
High
Unreviewed
CVE-2020-12067
was published
Dec 26, 2022
Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 with firmware version <1.13...
Critical
Unreviewed
CVE-2022-47377
was published
Dec 21, 2022
In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated remote attacker can reset the...
Critical
Unreviewed
CVE-2022-3485
was published
Dec 12, 2022
An issue was discovered in BACKCLICK Professional 5.9.63. Due to insecure design or lack of...
Critical
Unreviewed
CVE-2022-44004
was published
Nov 17, 2022
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that...
Critical
Unreviewed
CVE-2022-37300
was published
Sep 13, 2022
An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers...
Moderate
Unreviewed
CVE-2022-34530
was published
Aug 2, 2022
An attacker can access to "Forgot my password" button, as soon as he puts users is valid in the...
Moderate
Unreviewed
CVE-2022-23172
was published
Jul 7, 2022
In “SuiteCRM” application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to...
High
Unreviewed
CVE-2021-25961
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API