Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,331
Erlang
31
GitHub Actions
21
Go
2,093
Maven
5,000+
npm
3,756
NuGet
678
pip
3,444
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

164 advisories

Loading
This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS... Critical Unreviewed
CVE-2023-30466 was published Apr 28, 2023
Insufficient token expiration in Serenity High
CVE-2023-31287 was published for Serenity.Net.Core (NuGet) Apr 27, 2023
An issue in Mobicint Backend for Credit Unions v3 allows attackers to retrieve partial email... Moderate Unreviewed
CVE-2021-36436 was published Apr 20, 2023
An insecure password reset issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android... Critical Unreviewed
CVE-2022-45637 was published Mar 21, 2023
The Akuvox E11 password recovery webpage can be accessed without authentication, and an attacker... Critical Unreviewed
CVE-2023-0352 was published Mar 13, 2023
An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A... Critical Unreviewed
CVE-2022-45782 was published Feb 2, 2023
AMI Megarac Password reset interception via API High Unreviewed
CVE-2022-26872 was published Jan 30, 2023
A vulnerability was found in gitter-badger ezpublish-modern-legacy. It has been rated as... High Unreviewed
CVE-2015-10071 was published Jan 19, 2023
The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers... High Unreviewed
CVE-2022-25027 was published Jan 13, 2023
In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature... Moderate Unreviewed
CVE-2022-30332 was published Jan 10, 2023
In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), a user's... High Unreviewed
CVE-2020-12067 was published Dec 26, 2022
Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 with firmware version <1.13... Critical Unreviewed
CVE-2022-47377 was published Dec 21, 2022
In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated remote attacker can reset the... Critical Unreviewed
CVE-2022-3485 was published Dec 12, 2022
An issue was discovered in BACKCLICK Professional 5.9.63. Due to insecure design or lack of... Critical Unreviewed
CVE-2022-44004 was published Nov 17, 2022
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that... Critical Unreviewed
CVE-2022-37300 was published Sep 13, 2022
An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers... Moderate Unreviewed
CVE-2022-34530 was published Aug 2, 2022
An attacker can access to "Forgot my password" button, as soon as he puts users is valid in the... Moderate Unreviewed
CVE-2022-23172 was published Jul 7, 2022
In “SuiteCRM” application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to... High Unreviewed
CVE-2021-25961 was published May 24, 2022
In all versions of GitLab CE/EE, an attacker with physical access to a user’s machine may brute... Moderate Unreviewed
CVE-2021-39899 was published May 24, 2022
Malicious attacker is able to find out valid user logins by using the "lost password" feature.... Moderate Unreviewed
CVE-2021-36095 was published May 24, 2022
In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset. Critical Unreviewed
CVE-2021-36209 was published May 24, 2022
In ProLink PRC2402M V1.0.18 and older, the set_sys_init function in the login.cgi binary allows... High Unreviewed
CVE-2021-36708 was published May 24, 2022
Insecure default configuration in Liferay Portal 6.2.3 through 7.3.2, and Liferay DXP before 7.3,... High Unreviewed
CVE-2021-33321 was published May 24, 2022
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in... Critical Unreviewed
CVE-2021-22763 was published May 24, 2022
Seceon aiSIEM before 6.3.2 (build 585) is prone to an unauthenticated account takeover... Critical Unreviewed
CVE-2021-28293 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database