Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

146 advisories

Loading
An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. When the administrator password is... High Unreviewed
CVE-2019-11414 was published May 24, 2022
An issue was discovered in /admin/users/update in M/Monit before 3.7.3. It allows unprivileged... Critical Unreviewed
CVE-2019-11393 was published May 24, 2022
The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049... High Unreviewed
CVE-2016-5996 was published May 17, 2022
The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049... Moderate Unreviewed
CVE-2016-5997 was published May 17, 2022
EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom... Critical Unreviewed
CVE-2017-2766 was published May 17, 2022
Craft CMS subject to URL forgery Moderate
CVE-2017-8385 was published for craftcms/cms (Composer) May 17, 2022
A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows... High Unreviewed
CVE-2017-7731 was published May 17, 2022
QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function. High Unreviewed
CVE-2017-7629 was published May 17, 2022
Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset... High Unreviewed
CVE-2016-2349 was published May 17, 2022
An authenticated standard user could reset the password of other users (including the admin) by... High Unreviewed
CVE-2017-12850 was published May 17, 2022
An authenticated standard user could reset the password of the admin by altering form data.... High Unreviewed
CVE-2017-12851 was published May 17, 2022
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote... High Unreviewed
CVE-2015-7257 was published May 17, 2022
WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which... Moderate Unreviewed
CVE-2017-8295 was published May 17, 2022
389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks... Critical Unreviewed
CVE-2017-7551 was published May 14, 2022
gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that... Critical Unreviewed
CVE-2017-17097 was published May 14, 2022
In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an authenticated user is able... High Unreviewed
CVE-2017-8916 was published May 14, 2022
CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data... Critical Unreviewed
CVE-2018-10081 was published May 14, 2022
WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via... High Unreviewed
CVE-2014-6412 was published May 14, 2022
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Enumeration of users is... Moderate Unreviewed
CVE-2018-10210 was published May 14, 2022
An issue was discovered in Mahara before 18.10.0. It mishandled user requests that could... Moderate Unreviewed
CVE-2017-1000141 was published May 14, 2022
In order to perform actions that requires higher privileges, the Quest KACE System Management... High Unreviewed
CVE-2018-11134 was published May 14, 2022
LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password ... Critical Unreviewed
CVE-2018-12421 was published May 14, 2022
Trovebox version <= 4.0.0-rc6 contains a Unsafe password reset token generation vulnerability in... Critical Unreviewed
CVE-2018-1000554 was published May 14, 2022
Instant Update CMS contains a Password Reset Vulnerability vulnerability in /iu-application... Critical Unreviewed
CVE-2018-1000501 was published May 14, 2022
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an... High Unreviewed
CVE-2017-0921 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API