GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

48 advisories

In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, all versions starting from...
Moderate | Unreviewed | CVE-2021-39919 was published Dec 14, 2021

An issue was discovered in Delta RM 1.2. It is possible to request a new password for any other...
Moderate | Unreviewed | CVE-2021-44839 was published Jan 19, 2022

Information exposure in xwiki-platform
Moderate | CVE-2022-23619 was published for org.xwiki.platform:xwiki-platform-web (Maven) Feb 9, 2022

Multiple valid tokens for password reset in Shopware
Moderate | CVE-2022-24892 was published for shopware/shopware (Composer) Apr 28, 2022

When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to...
Moderate | Unreviewed | CVE-2017-2614 was published May 13, 2022

Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change...
Moderate | Unreviewed | CVE-2018-12315 was published May 13, 2022

An issue was discovered in Mahara before 18.10.0. It mishandled user requests that could...
Moderate | Unreviewed | CVE-2017-1000141 was published May 14, 2022

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Enumeration of users is...
Moderate | Unreviewed | CVE-2018-10210 was published May 14, 2022

WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which...
Moderate | Unreviewed | CVE-2017-8295 was published May 17, 2022

Craft CMS subject to URL forgery
Moderate | CVE-2017-8385 was published for craftcms/cms (Composer) May 17, 2022

The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049...
Moderate | Unreviewed | CVE-2016-5997 was published May 17, 2022

An issue was discovered in GLPI before 9.4.1. After a successful password reset by a user, it is...
Moderate | Unreviewed | CVE-2019-13240 was published May 24, 2022

In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to...
Moderate | Unreviewed | CVE-2019-14955 was published May 24, 2022

SITOS six Build v6.2.1 allows a user to change their password and recovery email address without...
Moderate | Unreviewed | CVE-2019-15749 was published May 24, 2022

An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password feature allows users to...
Moderate | Unreviewed | CVE-2020-14016 was published May 24, 2022

In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is...
Moderate | Unreviewed | CVE-2020-5899 was published May 24, 2022

Malicious attacker is able to find out valid user logins by using the "lost password" feature....
Moderate | Unreviewed | CVE-2021-36095 was published May 24, 2022

In all versions of GitLab CE/EE, an attacker with physical access to a user’s machine may brute...
Moderate | Unreviewed | CVE-2021-39899 was published May 24, 2022

An attacker can access to "Forgot my password" button, as soon as he puts users is valid in the...
Moderate | Unreviewed | CVE-2022-23172 was published Jul 7, 2022

An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers...
Moderate | Unreviewed | CVE-2022-34530 was published Aug 2, 2022

In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature...
Moderate | Unreviewed | CVE-2022-30332 was published Jan 10, 2023

An issue in Mobicint Backend for Credit Unions v3 allows attackers to retrieve partial email...
Moderate | Unreviewed | CVE-2021-36436 was published Apr 20, 2023

Missing rate limit for password resets
Moderate | CVE-2023-28821 was published for concrete5/concrete5 (Composer) Apr 28, 2023

A vulnerability was found in ningzichun Student Management System 1.0. It has been rated as...
Moderate | Unreviewed | CVE-2023-3007 was published May 31, 2023

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura...
Moderate | Unreviewed | CVE-2022-42807 was published Jun 23, 2023