Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,615
Maven
5,000+
npm
4,255
NuGet
760
pip
4,036
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

81 advisories

Loading
ZITADEL Vulnerable to Account Takeover via Malicious Forwarded Header Injection High
CVE-2025-64101 was published for github.com/zitadel/zitadel/v2 (Go) Oct 29, 2025
amit-laish livio-a
Credited to amit-laish and livio-a
A weak password recovery mechanism for forgotten password vulnerability was discovered in... High Unreviewed
CVE-2025-61977 was published Oct 24, 2025
VMware NSX contains a weak password recovery mechanism vulnerability. An unauthenticated... High Unreviewed
CVE-2025-41251 was published Sep 29, 2025
Daikin Security Gateway is vulnerable to an authorization bypass through a user-controlled key... High Unreviewed
CVE-2025-10127 was published Sep 11, 2025
A vulnerability in the password reset workflow of the Touch Lebanon Mobile App 2.20.2 allows an... High Unreviewed
CVE-2025-50503 was published Aug 20, 2025
The BoomBox Theme Extensions plugin for WordPress is vulnerable to privilege escalation via... High Unreviewed
CVE-2024-12295 was published Mar 19, 2025
This vulnerability exists in the CAP back office application due to a weak password-reset... High Unreviewed
CVE-2025-29995 was published Mar 13, 2025
The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for... High Unreviewed
CVE-2025-1570 was published Feb 28, 2025
The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is... High Unreviewed
CVE-2024-9302 was published Oct 25, 2024
The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation... High Unreviewed
CVE-2024-9305 was published Oct 16, 2024
A host header injection vulnerability in MEANStore 1.0 allows attackers to obtain the password... High Unreviewed
CVE-2024-45980 was published Sep 26, 2024
A host header injection vulnerability in Staff Appraisal System v1.0 allows attackers to obtain... High Unreviewed
CVE-2024-42915 was published Aug 23, 2024
HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability.... High Unreviewed
CVE-2024-6203 was published Aug 6, 2024
The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak... High Unreviewed
CVE-2023-7264 was published Jun 11, 2024
TP-Link Tapo C210 Password Recovery Authentication Bypass Vulnerability. This vulnerability... High Unreviewed
CVE-2023-35717 was published May 3, 2024
In Jitsi Meet before 9391, a logic flaw in password-protected Jitsi meetings (that make use of a... High Unreviewed
CVE-2024-33530 was published May 2, 2024
Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does... High Unreviewed
CVE-2024-27899 was published Apr 9, 2024
Weak password recovery mechanism in CDeX application allows to retrieve password reset token.This... High Unreviewed
CVE-2024-2463 was published Mar 21, 2024
Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contain a weak password recovery... High Unreviewed
CVE-2024-24903 was published Mar 1, 2024
Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password... High Unreviewed
CVE-2024-22454 was published Feb 13, 2024
An insufficient entropy vulnerability exists in the userRecoverPass.php recoverPass generation... High Unreviewed
CVE-2023-49589 was published Jan 10, 2024
In SAP Commerce Cloud - versions HY_COM 1905, HY_COM 2005, HY_COM2105, HY_COM 2011, HY_COM 2205,... High Unreviewed
CVE-2023-42481 was published Dec 12, 2023
ZITADEL Account Takeover via Malicious Host Header Injection High
CVE-2023-49097 was published for github.com/zitadel/zitadel (Go) Nov 29, 2023
eliobischof livio-a
amit-laish
Credited to eliobischof, livio-a, and amit-laish
The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up... High Unreviewed
CVE-2023-4214 was published Nov 18, 2023
Weak password recovery mechanism vulnerability in Fujitsu Arconte Áurea version 1.5.0.0, which... High Unreviewed
CVE-2023-4096 was published Sep 19, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database