GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
197 advisories
ASP.NET Core allows an elevation of privilege (High)
CVE-2018-0787 was published for Microsoft.AspNetCore.HttpOverrides (NuGet) Oct 16, 2018

A vulnerability was found in Automatic Question Paper Generator 1.0. It has been declared as... (Critical, Unreviewed)
CVE-2022-1073 was published Mar 30, 2022

An Access Control vulnerability exists in ATutor 2.2.4 in password_reminder.php when the g, id, h... (High, Unreviewed)
CVE-2021-43498 was published Apr 9, 2022

pearweb < 1.32 suffers from a Weak Password Recovery Mechanism via include/users... (Critical, Unreviewed)
CVE-2022-27157 was published Apr 16, 2022

Strapi allows unauthenticated attacker to reset admin password without valid reset token (Critical)
CVE-2019-18818 was published for strapi (npm) Dec 2, 2019

Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset... (High, Unreviewed)
CVE-2016-2349 was published May 17, 2022

An attacker can access to "Forgot my password" button, as soon as he puts users is valid in the... (Moderate, Unreviewed)
CVE-2022-23172 was published Jul 7, 2022

A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows... (High, Unreviewed)
CVE-2017-7731 was published May 17, 2022

EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom... (Critical, Unreviewed)
CVE-2017-2766 was published May 17, 2022

An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers... (Moderate, Unreviewed)
CVE-2022-34530 was published Aug 2, 2022

The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049... (High, Unreviewed)
CVE-2016-5996 was published May 17, 2022

The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049... (Moderate, Unreviewed)
CVE-2016-5997 was published May 17, 2022

In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated remote attacker can reset the... (Critical, Unreviewed)
CVE-2022-3485 was published Dec 12, 2022

In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is... (Moderate, Unreviewed)
CVE-2020-5899 was published May 24, 2022

ClickStudios Passwordstate Password Reset Portal prior to build 8501 is affected by an... (High, Unreviewed)
CVE-2020-26061 was published May 24, 2022

konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by... (Critical, Unreviewed)
CVE-2020-27179 was published May 24, 2022

Immuta v2.8.2 is affected by one instance of insecure permissions that can lead to user account... (High, Unreviewed)
CVE-2020-15949 was published May 24, 2022

Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability... (High, Unreviewed)
CVE-2020-5361 was published May 24, 2022

Certain NETGEAR devices are affected by password reset by an unauthenticated attacker. This... (High, Unreviewed)
CVE-2021-29080 was published May 24, 2022

Email Injection in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to abuse the... (High, Unreviewed)
CVE-2020-28186 was published May 24, 2022

In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a... (High, Unreviewed)
CVE-2021-31912 was published May 24, 2022

Weak Password Recovery Mechanism for Forgotten Password vulnerability exists on Modicon Managed... (Critical, Unreviewed)
CVE-2021-22731 was published May 24, 2022

Seceon aiSIEM before 6.3.2 (build 585) is prone to an unauthenticated account takeover... (Critical, Unreviewed)
CVE-2021-28293 was published May 24, 2022

Multiple valid tokens for password reset in Shopware (Moderate)
CVE-2022-24892 was published for shopware/shopware (Composer) Apr 28, 2022

In ProLink PRC2402M V1.0.18 and older, the set_sys_init function in the login.cgi binary allows... (High, Unreviewed)
CVE-2021-36708 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API