GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
151 advisories
The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation...
High
Unreviewed
CVE-2024-9305 was published Oct 16, 2024
A vulnerability classified as problematic was found in QileCMS up to 1.1.3. This vulnerability...
Moderate
Unreviewed
CVE-2024-9907 was published Oct 13, 2024
The password recovery mechanism for the forgotten password in Riello Netman 204 allows an...
Critical
Unreviewed
CVE-2024-8878 was published Sep 25, 2024
In SAP Commerce Cloud - versions HY_COM 1905, HY_COM 2005, HY_COM2105, HY_COM 2011, HY_COM 2205,...
High
Unreviewed
CVE-2023-42481 was published Dec 12, 2023
A host header injection vulnerability in MEANStore 1.0 allows attackers to obtain the password...
High
Unreviewed
CVE-2024-45980 was published Sep 26, 2024
Indico Tampering with links (e.g. password reset) in sent emails
High
CVE-2021-30185 was published for indico (pip) Apr 8, 2021
Django Potential account hijack via password reset form
Critical
CVE-2019-19844 was published for Django (pip) Jan 16, 2020
A vulnerability classified as critical was found in TDuckCloud TDuckPro up to 6.3. Affected by...
Moderate
Unreviewed
CVE-2024-8692 was published Sep 11, 2024
A host header injection vulnerability in Staff Appraisal System v1.0 allows attackers to obtain...
High
Unreviewed
CVE-2024-42915 was published Aug 23, 2024
Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized password resets via the...
Critical
Unreviewed
CVE-2024-38468 was published Jun 16, 2024
HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability....
High
Unreviewed
CVE-2024-6203 was published Aug 6, 2024
Weak password recovery mechanism in CDeX application allows to retrieve password reset token. This...
High
Unreviewed
CVE-2024-2463 was published Mar 21, 2024
In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature...
Moderate
Unreviewed
CVE-2022-30332 was published Jan 10, 2023
Keycloak Denial of Service via account lockout
Low
GHSA-cq42-vhv7-xr7p was published for org.keycloak:keycloak-services (Maven) Jun 12, 2024
In lunary-ai/lunary version 1.2.4, a vulnerability exists in the password recovery mechanism...
Moderate
Unreviewed
CVE-2024-5277 was published Jun 6, 2024
An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password feature allows users to...
Moderate
Unreviewed
CVE-2020-14016 was published May 24, 2022
An unauthenticated remote attacker can change the admin password in a moneo appliance due to weak...
Critical
Unreviewed
CVE-2024-5404 was published Jun 3, 2024
TP-Link Tapo C210 Password Recovery Authentication Bypass Vulnerability. This vulnerability...
High
Unreviewed
CVE-2023-35717 was published May 3, 2024
Contao Does Not Invalidate Existing Sessions When Password Changes
Critical
CVE-2019-10641 was published for contao/contao (Composer) May 14, 2022
Craft CMS subject to URL forgery
Moderate
CVE-2017-8385 was published for craftcms/cms (Composer) May 17, 2022
Pagekit Weak Password Recovery Mechanism for Forgotten Password
High
CVE-2017-5594 was published for pagekit/pagekit (Composer) May 13, 2022
Moodle Weak Password Recovery Mechanism for Forgotten Password
High
CVE-2016-7038 was published for moodle/moodle (Composer) May 13, 2022
A vulnerability, which was classified as problematic, was found in Beijing Baichuo Smart S85F...
Moderate
Unreviewed
CVE-2023-5959 was published Nov 11, 2023
This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS...
Critical
Unreviewed
CVE-2023-30466 was published Apr 28, 2023
Weak password recovery mechanism vulnerability in Fujitsu Arconte Áurea version 1.5.0.0, which...
High
Unreviewed
CVE-2023-4096 was published Sep 19, 2023
ProTip! Advisories are also available from the GraphQL API