GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
162 advisories
Filter by severity
ASP.NET Core allow an elevation of privilege
High
CVE-2018-0787
was published
for
Microsoft.AspNetCore.HttpOverrides
(NuGet)
Oct 16, 2018
A vulnerability was found in Automatic Question Paper Generator 1.0. It has been declared as...
Critical
Unreviewed
CVE-2022-1073
was published
Mar 30, 2022
An Access Control vulnerability exists in ATutor 2.2.4 in password_reminder.php when the g, id, h...
High
Unreviewed
CVE-2021-43498
was published
Apr 9, 2022
pearweb < 1.32 is suffers from a Weak Password Recovery Mechanism via include/users...
Critical
Unreviewed
CVE-2022-27157
was published
Apr 16, 2022
Strapi allows unauthenticated attacker to reset admin password without valid reset token
Critical
CVE-2019-18818
was published
for
strapi
(npm)
Dec 2, 2019
Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset...
High
Unreviewed
CVE-2016-2349
was published
May 17, 2022
An attacker can access to "Forgot my password" button, as soon as he puts users is valid in the...
Moderate
Unreviewed
CVE-2022-23172
was published
Jul 7, 2022
A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows...
High
Unreviewed
CVE-2017-7731
was published
May 17, 2022
QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function.
High
Unreviewed
CVE-2017-7629
was published
May 17, 2022
EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom...
Critical
Unreviewed
CVE-2017-2766
was published
May 17, 2022
An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers...
Moderate
Unreviewed
CVE-2022-34530
was published
Aug 2, 2022
The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049...
High
Unreviewed
CVE-2016-5996
was published
May 17, 2022
The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049...
Moderate
Unreviewed
CVE-2016-5997
was published
May 17, 2022
In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated remote attacker can reset the...
Critical
Unreviewed
CVE-2022-3485
was published
Dec 12, 2022
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an...
High
Unreviewed
CVE-2017-7615
was published
May 13, 2022
In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), a user's...
High
Unreviewed
CVE-2020-12067
was published
Dec 26, 2022
In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is...
Moderate
Unreviewed
CVE-2020-5899
was published
May 24, 2022
ClickStudios Passwordstate Password Reset Portal prior to build 8501 is affected by an...
High
Unreviewed
CVE-2020-26061
was published
May 24, 2022
konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by...
Critical
Unreviewed
CVE-2020-27179
was published
May 24, 2022
Immuta v2.8.2 is affected by one instance of insecure permissions that can lead to user account...
High
Unreviewed
CVE-2020-15949
was published
May 24, 2022
Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability...
High
Unreviewed
CVE-2020-5361
was published
May 24, 2022
Certain NETGEAR devices are affected by password reset by an unauthenticated attacker. This...
High
Unreviewed
CVE-2021-29080
was published
May 24, 2022
Email Injection in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to abuse the...
High
Unreviewed
CVE-2020-28186
was published
May 24, 2022
In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a...
High
Unreviewed
CVE-2021-31912
was published
May 24, 2022
Weak Password Recovery Mechanism for Forgotten Password vulnerability exists on Modicon Managed...
Critical
Unreviewed
CVE-2021-22731
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API