GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
197 advisories
Emby Server API Vulnerability allowing to gain administrative access without precondition Critical
CVE-2025-64113 was published for MediaBrowser.Server.Core (NuGet) Dec 8, 2025
The password reset mechanism for the Pivot client application is weak, and it may allow an... High Unreviewed
CVE-2025-53704 was published Dec 5, 2025
A weakness has been identified in SourceCodester Inventory Management System 1.0. The affected... Moderate Unreviewed
CVE-2025-13565 was published Nov 23, 2025
Shopware 6's password recovery link does not expire after email change Moderate
GHSA-2w46-vq8h-98vh was published for shopware/core (Composer) Nov 14, 2025
EIP Plus developed by Hundred Plus has a Weak Password Recovery Mechanism vulnerability, allowing... Critical Unreviewed
CVE-2025-12866 was published Nov 10, 2025
ZITADEL Vulnerable to Account Takeover via Malicious Forwarded Header Injection High
CVE-2025-64101 was published for github.com/zitadel/zitadel/v2 (Go) Oct 29, 2025
A weak password recovery mechanism for forgotten password vulnerability was discovered in... High Unreviewed
CVE-2025-61977 was published Oct 24, 2025
Creativeitem Academy LMS up to and including 5.13 uses predictable password reset tokens based on... Moderate Unreviewed
CVE-2025-56748 was published Oct 15, 2025
VMware NSX contains a weak password recovery mechanism vulnerability. An unauthenticated... High Unreviewed
CVE-2025-41251 was published Sep 29, 2025
A vulnerability has been found in Wavlink WL-WN578W2 221110. The affected element is an unknown... Moderate Unreviewed
CVE-2025-10322 was published Sep 12, 2025
Daikin Security Gateway is vulnerable to an authorization bypass through a user-controlled key... High Unreviewed
CVE-2025-10127 was published Sep 11, 2025
Weak Password Recovery Mechanism for Forgotten Password vulnerability in Hossein Material... Critical Unreviewed
CVE-2025-32486 was published Sep 9, 2025
A vulnerability in the password reset workflow of the Touch Lebanon Mobile App 2.20.2 allows an... High Unreviewed
CVE-2025-50503 was published Aug 20, 2025
Firefox for iOS would not respect a Content-Disposition header of type Attachment and would... Moderate Unreviewed
CVE-2025-55030 was published Aug 19, 2025
An issue was discovered in /Code/Websites/DanpheEMR/Controllers/Settings... Critical Unreviewed
CVE-2025-50594 was published Aug 13, 2025
A vulnerability classified as problematic was found in jshERP up to 3.5. Affected by this... Moderate Unreviewed
CVE-2025-7948 was published Jul 22, 2025
A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. It has been declared... Moderate Unreviewed
CVE-2025-7881 was published Jul 20, 2025
IBM Engineering Requirements Management DOORS 9.7.2.9, under certain configurations, could allow... Moderate Unreviewed
CVE-2024-43190 was published Jul 7, 2025
flask-boilerplate through a170e7c allows account takeover via the password reset feature because... Critical Unreviewed
CVE-2025-43931 was published Jul 7, 2025
JobCenter through 7e7b0b2 allows account takeover via the password reset feature because... Critical Unreviewed
CVE-2025-43932 was published Jul 7, 2025
Allegra calculateTokenExpDate Password Recovery Authentication Bypass Vulnerability. This... Critical Unreviewed
CVE-2025-6216 was published Jun 23, 2025
Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gilblas Ngunte Possi PSW... Critical Unreviewed
CVE-2025-47646 was published May 23, 2025
Weak Password Recovery Mechanism for Forgotten Password vulnerability in videowhisper Paid... Critical Unreviewed
CVE-2025-31380 was published Apr 17, 2025
The BoomBox Theme Extensions plugin for WordPress is vulnerable to privilege escalation via... High Unreviewed
CVE-2024-12295 was published Mar 19, 2025
This vulnerability exists in the CAP back office application due to a weak password-reset... High Unreviewed
CVE-2025-29995 was published Mar 13, 2025