GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
146 advisories
An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. When the administrator password is...
High | Unreviewed | CVE-2019-11414 was published May 24, 2022

An issue was discovered in /admin/users/update in M/Monit before 3.7.3. It allows unprivileged...
Critical | Unreviewed | CVE-2019-11393 was published May 24, 2022

The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049...
High | Unreviewed | CVE-2016-5996 was published May 17, 2022

The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049...
Moderate | Unreviewed | CVE-2016-5997 was published May 17, 2022

EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom...
Critical | Unreviewed | CVE-2017-2766 was published May 17, 2022

Craft CMS subject to URL forgery
Moderate | CVE-2017-8385 was published for craftcms/cms (Composer) May 17, 2022

A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows...
High | Unreviewed | CVE-2017-7731 was published May 17, 2022

QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function.
High | Unreviewed | CVE-2017-7629 was published May 17, 2022

Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset...
High | Unreviewed | CVE-2016-2349 was published May 17, 2022

An authenticated standard user could reset the password of other users (including the admin) by...
High | Unreviewed | CVE-2017-12850 was published May 17, 2022

An authenticated standard user could reset the password of the admin by altering form data....
High | Unreviewed | CVE-2017-12851 was published May 17, 2022

ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote...
High | Unreviewed | CVE-2015-7257 was published May 17, 2022

WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which...
Moderate | Unreviewed | CVE-2017-8295 was published May 17, 2022

389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks...
Critical | Unreviewed | CVE-2017-7551 was published May 14, 2022

gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that...
Critical | Unreviewed | CVE-2017-17097 was published May 14, 2022

In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an authenticated user is able...
High | Unreviewed | CVE-2017-8916 was published May 14, 2022

CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data...
Critical | Unreviewed | CVE-2018-10081 was published May 14, 2022

WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via...
High | Unreviewed | CVE-2014-6412 was published May 14, 2022

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Enumeration of users is...
Moderate | Unreviewed | CVE-2018-10210 was published May 14, 2022

An issue was discovered in Mahara before 18.10.0. It mishandled user requests that could...
Moderate | Unreviewed | CVE-2017-1000141 was published May 14, 2022

In order to perform actions that requires higher privileges, the Quest KACE System Management...
High | Unreviewed | CVE-2018-11134 was published May 14, 2022

LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password ...
Critical | Unreviewed | CVE-2018-12421 was published May 14, 2022

Trovebox version <= 4.0.0-rc6 contains a Unsafe password reset token generation vulnerability in...
Critical | Unreviewed | CVE-2018-1000554 was published May 14, 2022

Instant Update CMS contains a Password Reset Vulnerability vulnerability in /iu-application...
Critical | Unreviewed | CVE-2018-1000501 was published May 14, 2022

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an...
High | Unreviewed | CVE-2017-0921 was published May 14, 2022

ProTip! Advisories are also available from the GraphQL API.