GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
21 advisories
Filter by severity
A CWE-620: Unverified Password Change vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4...
Moderate
Unreviewed
CVE-2021-22773
was published
May 24, 2022
Unverified Password Change in GitHub repository phpfusion/phpfusion prior to 9.10.20.
High
Unreviewed
CVE-2022-3152
was published
Sep 8, 2022
Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
Moderate
Unreviewed
CVE-2023-4381
was published
Aug 16, 2023
Unverified Password Change in GitHub repository tsolucio/corebos prior to 8.
High
Unreviewed
CVE-2023-3069
was published
Jun 2, 2023
pimcore/admin-ui-classic-bundle Unverified Password Change
Moderate
CVE-2023-5844
was published
for
pimcore/admin-ui-classic-bundle
(Composer)
Oct 31, 2023
Expired tokens can be renewed without validating the account password
High
GHSA-9wgg-m99q-hhfc
was published
for
emailproxy
(pip)
Dec 19, 2023
OctoPrint Unverified Password Change via Access Control Settings
Moderate
CVE-2024-23637
was published
for
OctoPrint
(pip)
Jan 31, 2024
A vulnerability, which was classified as problematic, was found in Poly CCX 400, CCX 600, Trio...
Low
Unreviewed
CVE-2023-4465
was published
Dec 29, 2023
The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable...
High
Unreviewed
CVE-2023-2297
was published
Jul 6, 2023
The WP User Control plugin for WordPress is vulnerable to unauthorized password resets in...
Moderate
Unreviewed
CVE-2023-4915
was published
Sep 13, 2023
Mantis Bug Tracker (MantisBT) allows user account takeover in the signup/reset password process
High
CVE-2024-34077
was published
for
mantisbt/mantisbt
(Composer)
May 13, 2024
An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote...
High
Unreviewed
CVE-2024-27715
was published
Jul 5, 2024
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5...
Critical
Unreviewed
CVE-2024-37998
was published
Jul 22, 2024
An issue in Hangzhou Xiongwei Technology Development Co., Ltd. Restaurant Digital Comprehensive...
Critical
Unreviewed
CVE-2024-26520
was published
Jul 26, 2024
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem...
Critical
Unreviewed
CVE-2024-20419
was published
Jul 17, 2024
A unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2...
Moderate
Unreviewed
CVE-2024-21757
was published
Aug 13, 2024
The BA Book Everything plugin for WordPress is vulnerable to arbitrary password reset in all...
Moderate
Unreviewed
CVE-2024-8794
was published
Sep 24, 2024
The LevelOne WBR-6012 router's web application has a vulnerability in its firmware version R0...
Critical
Unreviewed
CVE-2024-33699
was published
Oct 30, 2024
Unverified Password Change in OctoPrint
Moderate
CVE-2022-2930
was published
for
OctoPrint
(pip)
Aug 23, 2022
The password change function at /cgi/admin.cgi does not require the current/old password, which...
High
Unreviewed
CVE-2024-28143
was published
Dec 12, 2024
OctoPrint has API key access in settings without reauthentication
Moderate
CVE-2024-51493
was published
for
OctoPrint
(pip)
Nov 5, 2024
ProTip!
Advisories are also available from the
GraphQL API