GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+
141 advisories
Filter by severity
In lunary-ai/lunary version 1.2.4, a vulnerability exists in the password recovery mechanism...
Moderate
Unreviewed
CVE-2024-5277
was published
Jun 6, 2024
An unauthenticated remote attacker can change the admin password in a moneo appliance due to weak...
Critical
Unreviewed
CVE-2024-5404
was published
Jun 3, 2024
TP-Link Tapo C210 Password Recovery Authentication Bypass Vulnerability. This vulnerability...
High
Unreviewed
CVE-2023-35717
was published
May 3, 2024
Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does...
High
Unreviewed
CVE-2024-27899
was published
Apr 9, 2024
Weak password recovery mechanism in CDeX application allows to retrieve password reset token.This...
Unknown
Unreviewed
CVE-2024-2463
was published
Mar 21, 2024
Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contain a weak password recovery...
High
Unreviewed
CVE-2024-24903
was published
Mar 1, 2024
Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password...
High
Unreviewed
CVE-2024-22454
was published
Feb 13, 2024
A vulnerability classified as problematic has been found in Huaxia ERP up to 3.1. Affected is an...
Moderate
Unreviewed
CVE-2024-0491
was published
Jan 13, 2024
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16...
Critical
Unreviewed
CVE-2023-7028
was published
Jan 12, 2024
A vulnerability classified as critical was found in ForU CMS up to 2020-06-23. This vulnerability...
Moderate
Unreviewed
CVE-2024-0425
was published
Jan 11, 2024
WWBN AVideo recovery notification bypass vulnerability
Moderate
CVE-2023-50172
was published
for
wwbn/avideo
(Composer)
Jan 10, 2024
An insufficient entropy vulnerability exists in the userRecoverPass.php recoverPass generation...
High
Unreviewed
CVE-2023-49589
was published
Jan 10, 2024
A vulnerability classified as problematic has been found in HuiRan Host Reseller System up to 2.0...
Low
Unreviewed
CVE-2024-0186
was published
Jan 2, 2024
ZITADEL Account Takeover via Malicious Host Header Injection
High
CVE-2023-49097
was published
for
github.com/zitadel/zitadel
(Go)
Nov 29, 2023
The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up...
High
Unreviewed
CVE-2023-4214
was published
Nov 18, 2023
A vulnerability, which was classified as problematic, was found in Beijing Baichuo Smart S85F...
Moderate
Unreviewed
CVE-2023-5959
was published
Nov 11, 2023
Weak Password Recovery Mechanism for Forgotten Password in GitHub repository linkstackorg...
Moderate
Unreviewed
CVE-2023-5840
was published
Oct 29, 2023
ZITADEL's password reset does not respect the "Ignoring unknown usernames" setting
Moderate
CVE-2023-44399
was published
for
github.com/zitadel/zitadel
(Go)
Oct 10, 2023
A vulnerability was found in Xinhu RockOA 1.1/2.3.2/15.X3amdi and classified as problematic....
Moderate
Unreviewed
CVE-2023-5296
was published
Sep 30, 2023
Weak password recovery mechanism vulnerability in Fujitsu Arconte Áurea version 1.5.0.0, which...
High
Unreviewed
CVE-2023-4096
was published
Sep 19, 2023
Soar Cloud Ltd. HR Portal has a weak Password Recovery Mechanism for Forgotten Password. The...
High
Unreviewed
CVE-2023-34357
was published
Sep 7, 2023
Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in...
High
Unreviewed
CVE-2023-3222
was published
Sep 4, 2023
A vulnerability was found in OpenRapid RapidCMS 1.3.1 and classified as critical. This issue...
Moderate
Unreviewed
CVE-2023-4448
was published
Aug 21, 2023
Weintek Weincloud v0.13.6
could allow an attacker to reset a password with the corresponding...
Moderate
Unreviewed
CVE-2023-35134
was published
Jul 20, 2023
D-Link DIR-823G firmware version 1.02B05 has a password reset vulnerability, which originates...
High
Unreviewed
CVE-2023-26615
was published
Jun 28, 2023
ProTip!
Advisories are also available from the
GraphQL API