GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,099
Composer 4,077
Erlang 29
GitHub Actions 19
Go 1,903
Maven 5,100
npm 3,632
NuGet 638
pip 3,249
Pub 10
RubyGems 864
Rust 818
Swift 35

Unreviewed advisories

All unreviewed 228,476

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

146 advisories

Filter by severity

Sort by

Least recently updated

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Enumeration of users is... Moderate Unreviewed

CVE-2018-10210 was published May 14, 2022

CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data... Critical Unreviewed

CVE-2018-10081 was published May 14, 2022

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that... Critical Unreviewed

CVE-2022-37300 was published Sep 13, 2022

In order to perform actions that requires higher privileges, the Quest KACE System Management... High Unreviewed

CVE-2018-11134 was published May 14, 2022

Instant Update CMS contains a Password Reset Vulnerability vulnerability in /iu-application... Critical Unreviewed

CVE-2018-1000501 was published May 14, 2022

WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via... High Unreviewed

CVE-2014-6412 was published May 14, 2022

LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password ... Critical Unreviewed

CVE-2018-12421 was published May 14, 2022

An issue was discovered in Mahara before 18.10.0. It mishandled user requests that could... Moderate Unreviewed

CVE-2017-1000141 was published May 14, 2022

Trovebox version <= 4.0.0-rc6 contains a Unsafe password reset token generation vulnerability in... Critical Unreviewed

CVE-2018-1000554 was published May 14, 2022

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an... High Unreviewed

CVE-2017-0921 was published May 14, 2022

An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6... High Unreviewed

CVE-2018-12579 was published May 14, 2022

** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for... High Unreviewed

CVE-2018-17401 was published May 14, 2022

On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 SetPasswdSettings... Critical Unreviewed

CVE-2018-17881 was published May 14, 2022

An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon... Critical Unreviewed

CVE-2018-7809 was published May 14, 2022

An issue was discovered in Enalean Tuleap before 10.5. Reset password links are not invalidated... Critical Unreviewed

CVE-2018-17298 was published May 14, 2022

OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows... High Unreviewed

CVE-2018-0696 was published May 14, 2022

Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to reset... Critical Unreviewed

CVE-2015-4689 was published May 14, 2022

The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the... Critical Unreviewed

CVE-2018-19488 was published May 14, 2022

Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak... High Unreviewed

CVE-2018-1000812 was published May 14, 2022

An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon... Critical Unreviewed

CVE-2018-7811 was published May 13, 2022

Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change... Moderate Unreviewed

CVE-2018-12315 was published May 13, 2022

Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to... High Unreviewed

CVE-2017-8613 was published May 13, 2022

An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web... High Unreviewed

CVE-2017-14005 was published May 13, 2022

When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to... Moderate Unreviewed

CVE-2017-2614 was published May 13, 2022

Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM)... High Unreviewed

CVE-2018-8916 was published May 13, 2022

Previous 1 2 3 4 5 6 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

146 advisories