Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,750
Maven
5,000+
npm
4,353
NuGet
765
pip
4,114
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

50 advisories

Filter by severity
All severities
Low
Moderate
High
Critical
Loading
A weakness has been identified in SourceCodester Inventory Management System 1.0. The affected... Moderate Unreviewed
CVE-2025-13565 was published Nov 23, 2025
Shopware 6's password recovery link does not expire after email change Moderate
GHSA-2w46-vq8h-98vh was published for shopware/core (Composer) Nov 14, 2025
FlorianKe
Credited to FlorianKe
Creativeitem Academy LMS up to and including 5.13 uses predictable password reset tokens based on... Moderate Unreviewed
CVE-2025-56748 was published Oct 15, 2025
A vulnerability has been found in Wavlink WL-WN578W2 221110. The affected element is an unknown... Moderate Unreviewed
CVE-2025-10322 was published Sep 12, 2025
Firefox for iOS would not respect a Content-Disposition header of type Attachment and would... Moderate Unreviewed
CVE-2025-55030 was published Aug 19, 2025
A vulnerability classified as problematic was found in jshERP up to 3.5. Affected by this... Moderate Unreviewed
CVE-2025-7948 was published Jul 22, 2025
A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. It has been declared... Moderate Unreviewed
CVE-2025-7881 was published Jul 20, 2025
IBM Engineering Requirements Management DOORS 9.7.2.9, under certain configurations, could allow... Moderate Unreviewed
CVE-2024-43190 was published Jul 7, 2025
Improper password reset in PAM Module in Devolutions Server 2024.3.10.0 and earlier allows an... Moderate Unreviewed
CVE-2025-1231 was published Feb 11, 2025
A vulnerability, which was classified as critical, has been found in YunzMall up to 2.4.2. This... Moderate Unreviewed
CVE-2025-0331 was published Jan 9, 2025
IBM Security SOAR 51.0.1.0 and earlier contains a mechanism for users to recover or change their... Moderate Unreviewed
CVE-2024-45670 was published Nov 14, 2024
A vulnerability classified as problematic was found in QileCMS up to 1.1.3. This vulnerability... Moderate Unreviewed
CVE-2024-9907 was published Oct 13, 2024
A vulnerability classified as critical was found in TDuckCloud TDuckPro up to 6.3. Affected by... Moderate Unreviewed
CVE-2024-8692 was published Sep 11, 2024
In lunary-ai/lunary version 1.2.4, a vulnerability exists in the password recovery mechanism... Moderate Unreviewed
CVE-2024-5277 was published Jun 6, 2024
Liferay Portal and Liferay DXP Does Not Obfuscate Password Reminder Answers Moderate
CVE-2021-29038 was published for com.liferay.commerce:com.liferay.commerce.account.web (Maven) Feb 21, 2024
A vulnerability classified as problematic has been found in Huaxia ERP up to 3.1. Affected is an... Moderate Unreviewed
CVE-2024-0491 was published Jan 13, 2024
A vulnerability classified as critical was found in ForU CMS up to 2020-06-23. This vulnerability... Moderate Unreviewed
CVE-2024-0425 was published Jan 11, 2024
WWBN AVideo recovery notification bypass vulnerability Moderate
CVE-2023-50172 was published for wwbn/avideo (Composer) Jan 10, 2024
A vulnerability, which was classified as problematic, was found in Beijing Baichuo Smart S85F... Moderate Unreviewed
CVE-2023-5959 was published Nov 11, 2023
Weak Password Recovery Mechanism for Forgotten Password in GitHub repository linkstackorg... Moderate Unreviewed
CVE-2023-5840 was published Oct 29, 2023
ZITADEL's password reset does not respect the "Ignoring unknown usernames" setting Moderate
CVE-2023-44399 was published for github.com/zitadel/zitadel (Go) Oct 10, 2023
hosephlivio-a
fforootdadlerhurst
Credited to hoseph, livio-a, fforootd, and adlerhurst
A vulnerability was found in Xinhu RockOA 1.1/2.3.2/15.X3amdi and classified as problematic.... Moderate Unreviewed
CVE-2023-5296 was published Sep 30, 2023
A vulnerability was found in OpenRapid RapidCMS 1.3.1 and classified as critical. This issue... Moderate Unreviewed
CVE-2023-4448 was published Aug 21, 2023
Weintek Weincloud v0.13.6 could allow an attacker to reset a password with the corresponding... Moderate Unreviewed
CVE-2023-35134 was published Jul 20, 2023
This issue was addressed with improved state management. This issue is fixed in iOS 16.5 and... Moderate Unreviewed
CVE-2023-28202 was published Jun 23, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database