Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

39 advisories

Loading
A vulnerability was found in Automatic Question Paper Generator 1.0. It has been declared as... Critical Unreviewed
CVE-2022-1073 was published Mar 30, 2022
pearweb < 1.32 is suffers from a Weak Password Recovery Mechanism via include/users... Critical Unreviewed
CVE-2022-27157 was published Apr 16, 2022
EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom... Critical Unreviewed
CVE-2017-2766 was published May 17, 2022
In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated remote attacker can reset the... Critical Unreviewed
CVE-2022-3485 was published Dec 12, 2022
konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by... Critical Unreviewed
CVE-2020-27179 was published May 24, 2022
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in... Critical Unreviewed
CVE-2021-22763 was published May 24, 2022
Weak Password Recovery Mechanism for Forgotten Password vulnerability exists on Modicon Managed... Critical Unreviewed
CVE-2021-22731 was published May 24, 2022
Seceon aiSIEM before 6.3.2 (build 585) is prone to an unauthenticated account takeover... Critical Unreviewed
CVE-2021-28293 was published May 24, 2022
Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 with firmware version <1.13... Critical Unreviewed
CVE-2022-47377 was published Dec 21, 2022
In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset. Critical Unreviewed
CVE-2021-36209 was published May 24, 2022
A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. The... Critical Unreviewed
CVE-2018-16529 was published Apr 30, 2022
An issue was discovered in BACKCLICK Professional 5.9.63. Due to insecure design or lack of... Critical Unreviewed
CVE-2022-44004 was published Nov 17, 2022
Missing password verification in the web interface on Gigaset Maxwell Basic VoIP phones with... Critical Unreviewed
CVE-2018-18871 was published May 13, 2022
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon... Critical Unreviewed
CVE-2018-7811 was published May 13, 2022
The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the... Critical Unreviewed
CVE-2018-19488 was published May 14, 2022
Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to reset... Critical Unreviewed
CVE-2015-4689 was published May 14, 2022
An issue was discovered in Enalean Tuleap before 10.5. Reset password links are not invalidated... Critical Unreviewed
CVE-2018-17298 was published May 14, 2022
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon... Critical Unreviewed
CVE-2018-7809 was published May 14, 2022
On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 SetPasswdSettings... Critical Unreviewed
CVE-2018-17881 was published May 14, 2022
Trovebox version <= 4.0.0-rc6 contains a Unsafe password reset token generation vulnerability in... Critical Unreviewed
CVE-2018-1000554 was published May 14, 2022
LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password ... Critical Unreviewed
CVE-2018-12421 was published May 14, 2022
Instant Update CMS contains a Password Reset Vulnerability vulnerability in /iu-application... Critical Unreviewed
CVE-2018-1000501 was published May 14, 2022
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that... Critical Unreviewed
CVE-2022-37300 was published Sep 13, 2022
CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data... Critical Unreviewed
CVE-2018-10081 was published May 14, 2022
gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that... Critical Unreviewed
CVE-2017-17097 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database