GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,132
Erlang
29
GitHub Actions
19
Go
1,937
Maven
5,000+
npm
3,676
NuGet
642
pip
3,292
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
151 advisories
Filter by severity
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to...
High
Unreviewed
CVE-2017-9543
was published
May 13, 2022
Pagekit Weak Password Recovery Mechanism for Forgotten Password
High
CVE-2017-5594
was published
for
pagekit/pagekit
(Composer)
May 13, 2022
Moodle Weak Password Recovery Mechanism for Forgotten Password
High
CVE-2016-7038
was published
for
moodle/moodle
(Composer)
May 13, 2022
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an...
High
Unreviewed
CVE-2017-7615
was published
May 13, 2022
Missing password verification in the web interface on Gigaset Maxwell Basic VoIP phones with...
Critical
Unreviewed
CVE-2018-18871
was published
May 13, 2022
Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM)...
High
Unreviewed
CVE-2018-8916
was published
May 13, 2022
When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to...
Moderate
Unreviewed
CVE-2017-2614
was published
May 13, 2022
An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web...
High
Unreviewed
CVE-2017-14005
was published
May 13, 2022
Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to...
High
Unreviewed
CVE-2017-8613
was published
May 13, 2022
Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change...
Moderate
Unreviewed
CVE-2018-12315
was published
May 13, 2022
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon...
Critical
Unreviewed
CVE-2018-7811
was published
May 13, 2022
Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak...
High
Unreviewed
CVE-2018-1000812
was published
May 14, 2022
Contao Does Not Invalidate Existing Sessions When Password Changes
Critical
CVE-2019-10641
was published
for
contao/contao
(Composer)
May 14, 2022
The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the...
Critical
Unreviewed
CVE-2018-19488
was published
May 14, 2022
Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to reset...
Critical
Unreviewed
CVE-2015-4689
was published
May 14, 2022
OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows...
High
Unreviewed
CVE-2018-0696
was published
May 14, 2022
An issue was discovered in Enalean Tuleap before 10.5. Reset password links are not invalidated...
Critical
Unreviewed
CVE-2018-17298
was published
May 14, 2022
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon...
Critical
Unreviewed
CVE-2018-7809
was published
May 14, 2022
On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 SetPasswdSettings...
Critical
Unreviewed
CVE-2018-17881
was published
May 14, 2022
** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for...
High
Unreviewed
CVE-2018-17401
was published
May 14, 2022
An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6...
High
Unreviewed
CVE-2018-12579
was published
May 14, 2022
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an...
High
Unreviewed
CVE-2017-0921
was published
May 14, 2022
Instant Update CMS contains a Password Reset Vulnerability vulnerability in /iu-application...
Critical
Unreviewed
CVE-2018-1000501
was published
May 14, 2022
Trovebox version <= 4.0.0-rc6 contains a Unsafe password reset token generation vulnerability in...
Critical
Unreviewed
CVE-2018-1000554
was published
May 14, 2022
LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password ...
Critical
Unreviewed
CVE-2018-12421
was published
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API