Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

58 advisories

Loading
The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is... High Unreviewed
CVE-2024-9302 was published Oct 25, 2024
The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation... High Unreviewed
CVE-2024-9305 was published Oct 16, 2024
In SAP Commerce Cloud - versions HY_COM 1905, HY_COM 2005, HY_COM2105, HY_COM 2011, HY_COM 2205,... High Unreviewed
CVE-2023-42481 was published Dec 12, 2023
A host header injection vulnerability in MEANStore 1.0 allows attackers to obtain the password... High Unreviewed
CVE-2024-45980 was published Sep 26, 2024
A host header injection vulnerability in Staff Appraisal System v1.0 allows attackers to obtain... High Unreviewed
CVE-2024-42915 was published Aug 23, 2024
HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability.... High Unreviewed
CVE-2024-6203 was published Aug 6, 2024
Weak password recovery mechanism in CDeX application allows to retrieve password reset token.This... High Unreviewed
CVE-2024-2463 was published Mar 21, 2024
TP-Link Tapo C210 Password Recovery Authentication Bypass Vulnerability. This vulnerability... High Unreviewed
CVE-2023-35717 was published May 3, 2024
Weak password recovery mechanism vulnerability in Fujitsu Arconte Áurea version 1.5.0.0, which... High Unreviewed
CVE-2023-4096 was published Sep 19, 2023
Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does... High Unreviewed
CVE-2024-27899 was published Apr 9, 2024
Soar Cloud Ltd. HR Portal has a weak Password Recovery Mechanism for Forgotten Password. The... High Unreviewed
CVE-2023-34357 was published Sep 7, 2023
Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in... High Unreviewed
CVE-2023-3222 was published Sep 4, 2023
D-Link DIR-823G firmware version 1.02B05 has a password reset vulnerability, which originates... High Unreviewed
CVE-2023-26615 was published Jun 28, 2023
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6... High Unreviewed
CVE-2023-31459 was published May 24, 2023
TTLock devices do not properly restrict password-reset attempts, leading to incorrect access... High Unreviewed
CVE-2019-12943 was published May 24, 2022
An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. When the administrator password is... High Unreviewed
CVE-2019-11414 was published May 24, 2022
Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contain a weak password recovery... High Unreviewed
CVE-2024-24903 was published Mar 1, 2024
Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password... High Unreviewed
CVE-2024-22454 was published Feb 13, 2024
An insufficient entropy vulnerability exists in the userRecoverPass.php recoverPass generation... High Unreviewed
CVE-2023-49589 was published Jan 10, 2024
The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up... High Unreviewed
CVE-2023-4214 was published Nov 18, 2023
AMI Megarac Password reset interception via API High Unreviewed
CVE-2022-26872 was published Jan 30, 2023
An arbitrary password reset issue was discovered in the Ultimate Member plugin 2.39 for WordPress... High Unreviewed
CVE-2019-10270 was published May 24, 2022
A vulnerability was found in gitter-badger ezpublish-modern-legacy. It has been rated as... High Unreviewed
CVE-2015-10071 was published Jan 19, 2023
An authenticated standard user could reset the password of the admin by altering form data.... High Unreviewed
CVE-2017-12851 was published May 17, 2022
An authenticated standard user could reset the password of other users (including the admin) by... High Unreviewed
CVE-2017-12850 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database