Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

38 advisories

Loading
An Incorrect Access Control vulnerability exists in Premiumdatingscript 4.2.7.7 via the password... Critical Unreviewed
CVE-2021-41694 was published Dec 10, 2021
A vulnerability was found in Automatic Question Paper Generator 1.0. It has been declared as... Critical Unreviewed
CVE-2022-1073 was published Mar 30, 2022
pearweb < 1.32 is suffers from a Weak Password Recovery Mechanism via include/users... Critical Unreviewed
CVE-2022-27157 was published Apr 16, 2022
ZPanel 10.0.1 has insufficient entropy for its password reset process. Critical Unreviewed
CVE-2012-5686 was published Apr 23, 2022
A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. The... Critical Unreviewed
CVE-2018-16529 was published Apr 30, 2022
Missing password verification in the web interface on Gigaset Maxwell Basic VoIP phones with... Critical Unreviewed
CVE-2018-18871 was published May 13, 2022
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon... Critical Unreviewed
CVE-2018-7811 was published May 13, 2022
The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the... Critical Unreviewed
CVE-2018-19488 was published May 14, 2022
Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to reset... Critical Unreviewed
CVE-2015-4689 was published May 14, 2022
An issue was discovered in Enalean Tuleap before 10.5. Reset password links are not invalidated... Critical Unreviewed
CVE-2018-17298 was published May 14, 2022
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon... Critical Unreviewed
CVE-2018-7809 was published May 14, 2022
On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 SetPasswdSettings... Critical Unreviewed
CVE-2018-17881 was published May 14, 2022
Instant Update CMS contains a Password Reset Vulnerability vulnerability in /iu-application... Critical Unreviewed
CVE-2018-1000501 was published May 14, 2022
Trovebox version <= 4.0.0-rc6 contains a Unsafe password reset token generation vulnerability in... Critical Unreviewed
CVE-2018-1000554 was published May 14, 2022
LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password ... Critical Unreviewed
CVE-2018-12421 was published May 14, 2022
CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data... Critical Unreviewed
CVE-2018-10081 was published May 14, 2022
gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that... Critical Unreviewed
CVE-2017-17097 was published May 14, 2022
389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks... Critical Unreviewed
CVE-2017-7551 was published May 14, 2022
EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom... Critical Unreviewed
CVE-2017-2766 was published May 17, 2022
An issue was discovered in /admin/users/update in M/Monit before 3.7.3. It allows unprivileged... Critical Unreviewed
CVE-2019-11393 was published May 24, 2022
An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass (account takeover)... Critical Unreviewed
CVE-2018-16988 was published May 24, 2022
konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by... Critical Unreviewed
CVE-2020-27179 was published May 24, 2022
The default setting of MISP 2.4.136 did not enable the requirements (aka... Critical Unreviewed
CVE-2021-25323 was published May 24, 2022
Weak Password Recovery Mechanism for Forgotten Password vulnerability exists on Modicon Managed... Critical Unreviewed
CVE-2021-22731 was published May 24, 2022
Seceon aiSIEM before 6.3.2 (build 585) is prone to an unauthenticated account takeover... Critical Unreviewed
CVE-2021-28293 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API