Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

24 advisories

Loading
Keycloak Denial of Service via account lockout Low
GHSA-cq42-vhv7-xr7p was published for org.keycloak:keycloak-services (Maven) Jun 12, 2024
WWBN AVideo recovery notification bypass vulnerability Moderate
CVE-2023-50172 was published for wwbn/avideo (Composer) Jan 10, 2024
ZITADEL Account Takeover via Malicious Host Header Injection High
CVE-2023-49097 was published for github.com/zitadel/zitadel (Go) Nov 29, 2023
eliobischof livio-a
amit-laish
ZITADEL's password reset does not respect the "Ignoring unknown usernames" setting Moderate
CVE-2023-44399 was published for github.com/zitadel/zitadel (Go) Oct 10, 2023
hoseph livio-a
fforootd adlerhurst
Insufficient token expiration in Serenity High
CVE-2023-31287 was published for Serenity.Net.Core (NuGet) Apr 27, 2023
Craft CMS possibility of brute force attempts Critical
CVE-2019-15929 was published for craftcms/cms (Composer) May 24, 2022
Craft CMS subject to URL forgery Moderate
CVE-2017-8385 was published for craftcms/cms (Composer) May 17, 2022
Contao Does Not Invalidate Existing Sessions When Password Changes Critical
CVE-2019-10641 was published for contao/contao (Composer) May 14, 2022
Moodle Weak Password Recovery Mechanism for Forgotten Password High
CVE-2016-7038 was published for moodle/moodle (Composer) May 13, 2022
Pagekit Weak Password Recovery Mechanism for Forgotten Password High
CVE-2017-5594 was published for pagekit/pagekit (Composer) May 13, 2022
Cloud Foundry Runtime has Weak Password Recovery Mechanism for Forgotten Password Low
CVE-2015-3189 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
Cloud Foundry Runtime has Weak Password Recovery Mechanism for Forgotten Password Critical
CVE-2015-5172 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
Improper account password reset in Craft CMS High
CVE-2022-29933 was published for craftcms/cms (Composer) May 10, 2022
Multiple valid tokens for password reset in Shopware Moderate
CVE-2022-24892 was published for shopware/shopware (Composer) Apr 28, 2022
Rate limit missing in microweber High
CVE-2022-0777 was published for microweber/microweber (Composer) Mar 2, 2022
Information exposure in xwiki-platform Moderate
CVE-2022-23619 was published for org.xwiki.platform:xwiki-platform-web (Maven) Feb 9, 2022
Umbraco Persistent Password Reset Poison High
CVE-2022-22691 was published for Umbraco.Cms.Core (NuGet) Jan 21, 2022
Weak Password Recovery Mechanism for Forgotten Password in Strapi High
CVE-2021-28128 was published for strapi (npm) Oct 6, 2021
Weak Password Recovery Mechanism for Forgotten Password High
CVE-2021-25957 was published for dolibarr/dolibarr (Composer) Sep 2, 2021
Malicious password-reset in Akaunting High
CVE-2021-36804 was published for akaunting/akaunting (Composer) Sep 1, 2021
Indico Tampering with links (e.g. password reset) in sent emails High
CVE-2021-30185 was published for indico (pip) Apr 8, 2021
Django Potential account hijack via password reset form Critical
CVE-2019-19844 was published for Django (pip) Jan 16, 2020
Strapi allows unauthenticated attacker to reset admin password without valid reset token Critical
CVE-2019-18818 was published for strapi (npm) Dec 2, 2019
ASP.NET Core allow an elevation of privilege High
CVE-2018-0787 was published for Microsoft.AspNetCore.HttpOverrides (NuGet) Oct 16, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database