GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
146 advisories
In all versions of GitLab CE/EE, an attacker with physical access to a user’s machine may brute...
Moderate | Unreviewed | CVE-2021-39899 was published May 24, 2022

Malicious attacker is able to find out valid user logins by using the "lost password" feature....
Moderate | Unreviewed | CVE-2021-36095 was published May 24, 2022

In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset.
Critical | Unreviewed | CVE-2021-36209 was published May 24, 2022

In ProLink PRC2402M V1.0.18 and older, the set_sys_init function in the login.cgi binary allows...
High | Unreviewed | CVE-2021-36708 was published May 24, 2022

Insecure default configuration in Liferay Portal 6.2.3 through 7.3.2, and Liferay DXP before 7.3,...
High | Unreviewed | CVE-2021-33321 was published May 24, 2022

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in...
Critical | Unreviewed | CVE-2021-22763 was published May 24, 2022

Seceon aiSIEM before 6.3.2 (build 585) is prone to an unauthenticated account takeover...
Critical | Unreviewed | CVE-2021-28293 was published May 24, 2022

Weak Password Recovery Mechanism for Forgotten Password vulnerability exists on Modicon Managed...
Critical | Unreviewed | CVE-2021-22731 was published May 24, 2022

In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a...
High | Unreviewed | CVE-2021-31912 was published May 24, 2022

Certain NETGEAR devices are affected by password reset by an unauthenticated attacker. This...
High | Unreviewed | CVE-2021-29080 was published May 24, 2022

The default setting of MISP 2.4.136 did not enable the requirements (aka...
Critical | Unreviewed | CVE-2021-25323 was published May 24, 2022

Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability...
High | Unreviewed | CVE-2020-5361 was published May 24, 2022

Email Injection in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to abuse the...
High | Unreviewed | CVE-2020-28186 was published May 24, 2022

Immuta v2.8.2 is affected by one instance of insecure permissions that can lead to user account...
High | Unreviewed | CVE-2020-15949 was published May 24, 2022

konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by...
Critical | Unreviewed | CVE-2020-27179 was published May 24, 2022

ClickStudios Passwordstate Password Reset Portal prior to build 8501 is affected by an...
High | Unreviewed | CVE-2020-26061 was published May 24, 2022

In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is...
Moderate | Unreviewed | CVE-2020-5899 was published May 24, 2022

An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password feature allows users to...
Moderate | Unreviewed | CVE-2020-14016 was published May 24, 2022

Craft CMS possibility of brute force attempts
Critical | CVE-2019-15929 was published for craftcms/cms (Composer) May 24, 2022

SITOS six Build v6.2.1 allows a user to change their password and recovery email address without...
Moderate | Unreviewed | CVE-2019-15749 was published May 24, 2022

In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to...
Moderate | Unreviewed | CVE-2019-14955 was published May 24, 2022

TTLock devices do not properly restrict password-reset attempts, leading to incorrect access...
High | Unreviewed | CVE-2019-12943 was published May 24, 2022

An issue was discovered in GLPI before 9.4.1. After a successful password reset by a user, it is...
Moderate | Unreviewed | CVE-2019-13240 was published May 24, 2022

An arbitrary password reset issue was discovered in the Ultimate Member plugin 2.39 for WordPress...
High | Unreviewed | CVE-2019-10270 was published May 24, 2022

An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass (account takeover)...
Critical | Unreviewed | CVE-2018-16988 was published May 24, 2022