GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,132
Erlang
29
GitHub Actions
19
Go
1,937
Maven
5,000+
npm
3,676
NuGet
642
pip
3,292
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
151 advisories
Filter by severity
In order to perform actions that requires higher privileges, the Quest KACE System Management...
High
Unreviewed
CVE-2018-11134
was published
May 14, 2022
An issue was discovered in Mahara before 18.10.0. It mishandled user requests that could...
Moderate
Unreviewed
CVE-2017-1000141
was published
May 14, 2022
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Enumeration of users is...
Moderate
Unreviewed
CVE-2018-10210
was published
May 14, 2022
WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via...
High
Unreviewed
CVE-2014-6412
was published
May 14, 2022
CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data...
Critical
Unreviewed
CVE-2018-10081
was published
May 14, 2022
In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an authenticated user is able...
High
Unreviewed
CVE-2017-8916
was published
May 14, 2022
gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that...
Critical
Unreviewed
CVE-2017-17097
was published
May 14, 2022
389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks...
Critical
Unreviewed
CVE-2017-7551
was published
May 14, 2022
WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which...
Moderate
Unreviewed
CVE-2017-8295
was published
May 17, 2022
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote...
High
Unreviewed
CVE-2015-7257
was published
May 17, 2022
An authenticated standard user could reset the password of the admin by altering form data....
High
Unreviewed
CVE-2017-12851
was published
May 17, 2022
An authenticated standard user could reset the password of other users (including the admin) by...
High
Unreviewed
CVE-2017-12850
was published
May 17, 2022
Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset...
High
Unreviewed
CVE-2016-2349
was published
May 17, 2022
QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function.
High
Unreviewed
CVE-2017-7629
was published
May 17, 2022
A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows...
High
Unreviewed
CVE-2017-7731
was published
May 17, 2022
Craft CMS subject to URL forgery
Moderate
CVE-2017-8385
was published
for
craftcms/cms
(Composer)
May 17, 2022
EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom...
Critical
Unreviewed
CVE-2017-2766
was published
May 17, 2022
The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049...
Moderate
Unreviewed
CVE-2016-5997
was published
May 17, 2022
The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049...
High
Unreviewed
CVE-2016-5996
was published
May 17, 2022
An issue was discovered in /admin/users/update in M/Monit before 3.7.3. It allows unprivileged...
Critical
Unreviewed
CVE-2019-11393
was published
May 24, 2022
An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. When the administrator password is...
High
Unreviewed
CVE-2019-11414
was published
May 24, 2022
An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass (account takeover)...
Critical
Unreviewed
CVE-2018-16988
was published
May 24, 2022
An arbitrary password reset issue was discovered in the Ultimate Member plugin 2.39 for WordPress...
High
Unreviewed
CVE-2019-10270
was published
May 24, 2022
An issue was discovered in GLPI before 9.4.1. After a successful password reset by a user, it is...
Moderate
Unreviewed
CVE-2019-13240
was published
May 24, 2022
TTLock devices do not properly restrict password-reset attempts, leading to incorrect access...
High
Unreviewed
CVE-2019-12943
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API