Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

54 advisories

Loading
A host header injection vulnerability in Staff Appraisal System v1.0 allows attackers to obtain... High Unreviewed
CVE-2024-42915 was published Aug 23, 2024
HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability.... High Unreviewed
CVE-2024-6203 was published Aug 6, 2024
Weak password recovery mechanism in CDeX application allows to retrieve password reset token.This... High Unreviewed
CVE-2024-2463 was published Mar 21, 2024
TP-Link Tapo C210 Password Recovery Authentication Bypass Vulnerability. This vulnerability... High Unreviewed
CVE-2023-35717 was published May 3, 2024
Weak password recovery mechanism vulnerability in Fujitsu Arconte Áurea version 1.5.0.0, which... High Unreviewed
CVE-2023-4096 was published Sep 19, 2023
Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does... High Unreviewed
CVE-2024-27899 was published Apr 9, 2024
Soar Cloud Ltd. HR Portal has a weak Password Recovery Mechanism for Forgotten Password. The... High Unreviewed
CVE-2023-34357 was published Sep 7, 2023
Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in... High Unreviewed
CVE-2023-3222 was published Sep 4, 2023
D-Link DIR-823G firmware version 1.02B05 has a password reset vulnerability, which originates... High Unreviewed
CVE-2023-26615 was published Jun 28, 2023
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6... High Unreviewed
CVE-2023-31459 was published May 24, 2023
TTLock devices do not properly restrict password-reset attempts, leading to incorrect access... High Unreviewed
CVE-2019-12943 was published May 24, 2022
An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. When the administrator password is... High Unreviewed
CVE-2019-11414 was published May 24, 2022
Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contain a weak password recovery... High Unreviewed
CVE-2024-24903 was published Mar 1, 2024
Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password... High Unreviewed
CVE-2024-22454 was published Feb 13, 2024
An insufficient entropy vulnerability exists in the userRecoverPass.php recoverPass generation... High Unreviewed
CVE-2023-49589 was published Jan 10, 2024
The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up... High Unreviewed
CVE-2023-4214 was published Nov 18, 2023
AMI Megarac Password reset interception via API High Unreviewed
CVE-2022-26872 was published Jan 30, 2023
An arbitrary password reset issue was discovered in the Ultimate Member plugin 2.39 for WordPress... High Unreviewed
CVE-2019-10270 was published May 24, 2022
A vulnerability was found in gitter-badger ezpublish-modern-legacy. It has been rated as... High Unreviewed
CVE-2015-10071 was published Jan 19, 2023
An authenticated standard user could reset the password of the admin by altering form data.... High Unreviewed
CVE-2017-12851 was published May 17, 2022
An authenticated standard user could reset the password of other users (including the admin) by... High Unreviewed
CVE-2017-12850 was published May 17, 2022
Forgotten password reset functionality for local accounts can be used to bypass local... High Unreviewed
CVE-2021-27654 was published Jan 29, 2022
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote... High Unreviewed
CVE-2015-7257 was published May 17, 2022
In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an authenticated user is able... High Unreviewed
CVE-2017-8916 was published May 14, 2022
In order to perform actions that requires higher privileges, the Quest KACE System Management... High Unreviewed
CVE-2018-11134 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API