GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
146 advisories
Filter by severity
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Enumeration of users is...
Moderate
Unreviewed
CVE-2018-10210
was published
May 14, 2022
CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data...
Critical
Unreviewed
CVE-2018-10081
was published
May 14, 2022
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that...
Critical
Unreviewed
CVE-2022-37300
was published
Sep 13, 2022
In order to perform actions that requires higher privileges, the Quest KACE System Management...
High
Unreviewed
CVE-2018-11134
was published
May 14, 2022
Instant Update CMS contains a Password Reset Vulnerability vulnerability in /iu-application...
Critical
Unreviewed
CVE-2018-1000501
was published
May 14, 2022
WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via...
High
Unreviewed
CVE-2014-6412
was published
May 14, 2022
LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password ...
Critical
Unreviewed
CVE-2018-12421
was published
May 14, 2022
An issue was discovered in Mahara before 18.10.0. It mishandled user requests that could...
Moderate
Unreviewed
CVE-2017-1000141
was published
May 14, 2022
Trovebox version <= 4.0.0-rc6 contains a Unsafe password reset token generation vulnerability in...
Critical
Unreviewed
CVE-2018-1000554
was published
May 14, 2022
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an...
High
Unreviewed
CVE-2017-0921
was published
May 14, 2022
An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6...
High
Unreviewed
CVE-2018-12579
was published
May 14, 2022
** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for...
High
Unreviewed
CVE-2018-17401
was published
May 14, 2022
On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 SetPasswdSettings...
Critical
Unreviewed
CVE-2018-17881
was published
May 14, 2022
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon...
Critical
Unreviewed
CVE-2018-7809
was published
May 14, 2022
An issue was discovered in Enalean Tuleap before 10.5. Reset password links are not invalidated...
Critical
Unreviewed
CVE-2018-17298
was published
May 14, 2022
OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows...
High
Unreviewed
CVE-2018-0696
was published
May 14, 2022
Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to reset...
Critical
Unreviewed
CVE-2015-4689
was published
May 14, 2022
The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the...
Critical
Unreviewed
CVE-2018-19488
was published
May 14, 2022
Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak...
High
Unreviewed
CVE-2018-1000812
was published
May 14, 2022
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon...
Critical
Unreviewed
CVE-2018-7811
was published
May 13, 2022
Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change...
Moderate
Unreviewed
CVE-2018-12315
was published
May 13, 2022
Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to...
High
Unreviewed
CVE-2017-8613
was published
May 13, 2022
An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web...
High
Unreviewed
CVE-2017-14005
was published
May 13, 2022
When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to...
Moderate
Unreviewed
CVE-2017-2614
was published
May 13, 2022
Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM)...
High
Unreviewed
CVE-2018-8916
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API