Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,331
Erlang
31
GitHub Actions
21
Go
2,093
Maven
5,000+
npm
3,756
NuGet
678
pip
3,444
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

164 advisories

Loading
The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the... Critical Unreviewed
CVE-2018-19488 was published May 14, 2022
Contao Does Not Invalidate Existing Sessions When Password Changes Critical
CVE-2019-10641 was published for contao/contao (Composer) May 14, 2022
Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak... High Unreviewed
CVE-2018-1000812 was published May 14, 2022
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon... Critical Unreviewed
CVE-2018-7811 was published May 13, 2022
Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change... Moderate Unreviewed
CVE-2018-12315 was published May 13, 2022
Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to... High Unreviewed
CVE-2017-8613 was published May 13, 2022
An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web... High Unreviewed
CVE-2017-14005 was published May 13, 2022
When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to... Moderate Unreviewed
CVE-2017-2614 was published May 13, 2022
Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM)... High Unreviewed
CVE-2018-8916 was published May 13, 2022
Missing password verification in the web interface on Gigaset Maxwell Basic VoIP phones with... Critical Unreviewed
CVE-2018-18871 was published May 13, 2022
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an... High Unreviewed
CVE-2017-7615 was published May 13, 2022
Moodle Weak Password Recovery Mechanism for Forgotten Password High
CVE-2016-7038 was published for moodle/moodle (Composer) May 13, 2022
Pagekit Weak Password Recovery Mechanism for Forgotten Password High
CVE-2017-5594 was published for pagekit/pagekit (Composer) May 13, 2022
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to... High Unreviewed
CVE-2017-9543 was published May 13, 2022
Cloud Foundry Runtime has Weak Password Recovery Mechanism for Forgotten Password Low
CVE-2015-3189 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
Cloud Foundry Runtime has Weak Password Recovery Mechanism for Forgotten Password Critical
CVE-2015-5172 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application... High Unreviewed
CVE-2016-8716 was published May 13, 2022
Improper account password reset in Craft CMS High
CVE-2022-29933 was published for craftcms/cms (Composer) May 10, 2022
A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. The... Critical Unreviewed
CVE-2018-16529 was published Apr 30, 2022
Multiple valid tokens for password reset in Shopware Moderate
CVE-2022-24892 was published for shopware/shopware (Composer) Apr 28, 2022
ZPanel 10.0.1 has insufficient entropy for its password reset process. Critical Unreviewed
CVE-2012-5686 was published Apr 23, 2022
pearweb < 1.32 is suffers from a Weak Password Recovery Mechanism via include/users... Critical Unreviewed
CVE-2022-27157 was published Apr 16, 2022
An Access Control vulnerability exists in ATutor 2.2.4 in password_reminder.php when the g, id, h... High Unreviewed
CVE-2021-43498 was published Apr 9, 2022
A vulnerability was found in Automatic Question Paper Generator 1.0. It has been declared as... Critical Unreviewed
CVE-2022-1073 was published Mar 30, 2022
Rate limit missing in microweber High
CVE-2022-0777 was published for microweber/microweber (Composer) Mar 2, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database