GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
151 advisories
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to...
High | Unreviewed | CVE-2017-9543 was published May 13, 2022

Cloud Foundry Runtime has Weak Password Recovery Mechanism for Forgotten Password
Low | CVE-2015-3189 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022

Cloud Foundry Runtime has Weak Password Recovery Mechanism for Forgotten Password
Critical | CVE-2015-5172 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022

An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application...
High | Unreviewed | CVE-2016-8716 was published May 13, 2022

Improper account password reset in Craft CMS
High | CVE-2022-29933 was published for craftcms/cms (Composer) May 10, 2022

A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. The...
Critical | Unreviewed | CVE-2018-16529 was published Apr 30, 2022

Multiple valid tokens for password reset in Shopware
Moderate | CVE-2022-24892 was published for shopware/shopware (Composer) Apr 28, 2022

ZPanel 10.0.1 has insufficient entropy for its password reset process.
Critical | Unreviewed | CVE-2012-5686 was published Apr 23, 2022

pearweb < 1.32 is suffers from a Weak Password Recovery Mechanism via include/users...
Critical | Unreviewed | CVE-2022-27157 was published Apr 16, 2022

An Access Control vulnerability exists in ATutor 2.2.4 in password_reminder.php when the g, id, h...
High | Unreviewed | CVE-2021-43498 was published Apr 9, 2022

A vulnerability was found in Automatic Question Paper Generator 1.0. It has been declared as...
Critical | Unreviewed | CVE-2022-1073 was published Mar 30, 2022

Rate limit missing in microweber
High | CVE-2022-0777 was published for microweber/microweber (Composer) Mar 2, 2022

Information exposure in xwiki-platform
Moderate | CVE-2022-23619 was published for org.xwiki.platform:xwiki-platform-web (Maven) Feb 9, 2022

Forgotten password reset functionality for local accounts can be used to bypass local...
High | Unreviewed | CVE-2021-27654 was published Jan 29, 2022

Umbraco Persistent Password Reset Poison
High | CVE-2022-22691 was published for Umbraco.Cms.Core (NuGet) Jan 21, 2022

An issue was discovered in Delta RM 1.2. It is possible to request a new password for any other...
Moderate | Unreviewed | CVE-2021-44839 was published Jan 19, 2022

In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, all versions starting from...
Moderate | Unreviewed | CVE-2021-39919 was published Dec 14, 2021

An Incorrect Access Control vulnerability exists in Premiumdatingscript 4.2.7.7 via the password...
Critical | Unreviewed | CVE-2021-41694 was published Dec 10, 2021

Team Password Manager (aka TeamPasswordManager) before 10.135.236 allows password-reset poisoning.
High | Unreviewed | CVE-2021-44037 was published Nov 20, 2021

Weak Password Recovery Mechanism for Forgotten Password in Strapi
High | CVE-2021-28128 was published for strapi (npm) Oct 6, 2021

Weak Password Recovery Mechanism for Forgotten Password
High | CVE-2021-25957 was published for dolibarr/dolibarr (Composer) Sep 2, 2021

Malicious password-reset in Akaunting
High | CVE-2021-36804 was published for akaunting/akaunting (Composer) Sep 1, 2021

Indico Tampering with links (e.g. password reset) in sent emails
High | CVE-2021-30185 was published for indico (pip) Apr 8, 2021

Django Potential account hijack via password reset form
Critical | CVE-2019-19844 was published for Django (pip) Jan 16, 2020

Strapi allows unauthenticated attacker to reset admin password without valid reset token
Critical | CVE-2019-18818 was published for strapi (npm) Dec 2, 2019