GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
122 advisories
Filter by severity
A vulnerability classified as critical was found in TDuckCloud TDuckPro up to 6.3. Affected by...
Moderate
Unreviewed
CVE-2024-8692
was published
Sep 11, 2024
A host header injection vulnerability in Staff Appraisal System v1.0 allows attackers to obtain...
High
Unreviewed
CVE-2024-42915
was published
Aug 23, 2024
Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized password resets via the...
Critical
Unreviewed
CVE-2024-38468
was published
Jun 16, 2024
HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability....
High
Unreviewed
CVE-2024-6203
was published
Aug 6, 2024
Weak password recovery mechanism in CDeX application allows to retrieve password reset token.This...
High
Unreviewed
CVE-2024-2463
was published
Mar 21, 2024
In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature...
Moderate
Unreviewed
CVE-2022-30332
was published
Jan 10, 2023
In lunary-ai/lunary version 1.2.4, a vulnerability exists in the password recovery mechanism...
Moderate
Unreviewed
CVE-2024-5277
was published
Jun 6, 2024
An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password feature allows users to...
Moderate
Unreviewed
CVE-2020-14016
was published
May 24, 2022
An unauthenticated remote attacker can change the admin password in a moneo appliance due to weak...
Critical
Unreviewed
CVE-2024-5404
was published
Jun 3, 2024
TP-Link Tapo C210 Password Recovery Authentication Bypass Vulnerability. This vulnerability...
High
Unreviewed
CVE-2023-35717
was published
May 3, 2024
A vulnerability, which was classified as problematic, was found in Beijing Baichuo Smart S85F...
Moderate
Unreviewed
CVE-2023-5959
was published
Nov 11, 2023
This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS...
Critical
Unreviewed
CVE-2023-30466
was published
Apr 28, 2023
Weak password recovery mechanism vulnerability in Fujitsu Arconte Áurea version 1.5.0.0, which...
High
Unreviewed
CVE-2023-4096
was published
Sep 19, 2023
Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does...
High
Unreviewed
CVE-2024-27899
was published
Apr 9, 2024
Soar Cloud Ltd. HR Portal has a weak Password Recovery Mechanism for Forgotten Password. The...
High
Unreviewed
CVE-2023-34357
was published
Sep 7, 2023
Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in...
High
Unreviewed
CVE-2023-3222
was published
Sep 4, 2023
Weintek Weincloud v0.13.6
could allow an attacker to reset a password with the corresponding...
Moderate
Unreviewed
CVE-2023-35134
was published
Jul 20, 2023
D-Link DIR-823G firmware version 1.02B05 has a password reset vulnerability, which originates...
High
Unreviewed
CVE-2023-26615
was published
Jun 28, 2023
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6...
High
Unreviewed
CVE-2023-31459
was published
May 24, 2023
An issue in Mobicint Backend for Credit Unions v3 allows attackers to retrieve partial email...
Moderate
Unreviewed
CVE-2021-36436
was published
Apr 20, 2023
The default setting of MISP 2.4.136 did not enable the requirements (aka...
Critical
Unreviewed
CVE-2021-25323
was published
May 24, 2022
SITOS six Build v6.2.1 allows a user to change their password and recovery email address without...
Moderate
Unreviewed
CVE-2019-15749
was published
May 24, 2022
In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to...
Moderate
Unreviewed
CVE-2019-14955
was published
May 24, 2022
TTLock devices do not properly restrict password-reset attempts, leading to incorrect access...
High
Unreviewed
CVE-2019-12943
was published
May 24, 2022
An issue was discovered in GLPI before 9.4.1. After a successful password reset by a user, it is...
Moderate
Unreviewed
CVE-2019-13240
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API