GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,099
Composer 4,077
Erlang 29
GitHub Actions 19
Go 1,903
Maven 5,100
npm 3,632
NuGet 638
pip 3,249
Pub 10
RubyGems 864
Rust 818
Swift 35

Unreviewed advisories

All unreviewed 228,475

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

122 advisories

Filter by severity

Sort by

Least recently updated

A vulnerability was found in Automatic Question Paper Generator 1.0. It has been declared as... Critical Unreviewed

CVE-2022-1073 was published Mar 30, 2022

An Access Control vulnerability exists in ATutor 2.2.4 in password_reminder.php when the g, id, h... High Unreviewed

CVE-2021-43498 was published Apr 9, 2022

pearweb < 1.32 is suffers from a Weak Password Recovery Mechanism via include/users... Critical Unreviewed

CVE-2022-27157 was published Apr 16, 2022

Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset... High Unreviewed

CVE-2016-2349 was published May 17, 2022

An attacker can access to "Forgot my password" button, as soon as he puts users is valid in the... Moderate Unreviewed

CVE-2022-23172 was published Jul 7, 2022

A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows... High Unreviewed

CVE-2017-7731 was published May 17, 2022

QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function. High Unreviewed

CVE-2017-7629 was published May 17, 2022

EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom... Critical Unreviewed

CVE-2017-2766 was published May 17, 2022

An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers... Moderate Unreviewed

CVE-2022-34530 was published Aug 2, 2022

The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049... High Unreviewed

CVE-2016-5996 was published May 17, 2022

The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049... Moderate Unreviewed

CVE-2016-5997 was published May 17, 2022

In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated remote attacker can reset the... Critical Unreviewed

CVE-2022-3485 was published Dec 12, 2022

MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an... High Unreviewed

CVE-2017-7615 was published May 13, 2022

In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), a user's... High Unreviewed

CVE-2020-12067 was published Dec 26, 2022

In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is... Moderate Unreviewed

CVE-2020-5899 was published May 24, 2022

ClickStudios Passwordstate Password Reset Portal prior to build 8501 is affected by an... High Unreviewed

CVE-2020-26061 was published May 24, 2022

konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by... Critical Unreviewed

CVE-2020-27179 was published May 24, 2022

Immuta v2.8.2 is affected by one instance of insecure permissions that can lead to user account... High Unreviewed

CVE-2020-15949 was published May 24, 2022

Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability... High Unreviewed

CVE-2020-5361 was published May 24, 2022

Certain NETGEAR devices are affected by password reset by an unauthenticated attacker. This... High Unreviewed

CVE-2021-29080 was published May 24, 2022

Email Injection in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to abuse the... High Unreviewed

CVE-2020-28186 was published May 24, 2022

In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a... High Unreviewed

CVE-2021-31912 was published May 24, 2022

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in... Critical Unreviewed

CVE-2021-22763 was published May 24, 2022

Weak Password Recovery Mechanism for Forgotten Password vulnerability exists on Modicon Managed... Critical Unreviewed

CVE-2021-22731 was published May 24, 2022

Seceon aiSIEM before 6.3.2 (build 585) is prone to an unauthenticated account takeover... Critical Unreviewed

CVE-2021-28293 was published May 24, 2022

Previous 1 2 3 4 5 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

122 advisories