GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
171 advisories
An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A...
Critical, Unreviewed. CVE-2022-45782 was published Feb 2, 2023

In Jitsi Meet before 9391, a logic flaw in password-protected Jitsi meetings (that make use of a...
High, Unreviewed. CVE-2024-33530 was published May 2, 2024

The BoomBox Theme Extensions plugin for WordPress is vulnerable to privilege escalation via...
High, Unreviewed. CVE-2024-12295 was published Mar 19, 2025

This vulnerability exists in the CAP back office application due to a weak password-reset...
High, Unreviewed. CVE-2025-29995 was published Mar 13, 2025

A vulnerability was found in PHPGurukul Online Library Management System 3.0. It has been...
Low, Unreviewed. CVE-2025-2093 was published Mar 8, 2025

The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for...
High, Unreviewed. CVE-2025-1570 was published Feb 28, 2025

The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak...
High, Unreviewed. CVE-2023-7264 was published Jun 11, 2024

Insufficient token expiration in Serenity
High. CVE-2023-31287 was published for Serenity.Net.Core (NuGet) Apr 27, 2023

Missing rate limit for password resets
Moderate. CVE-2023-28821 was published for concrete5/concrete5 (Composer) Apr 28, 2023

Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM)...
High, Unreviewed. CVE-2018-8916 was published May 13, 2022

A vulnerability, which was classified as critical, has been found in YunzMall up to 2.4.2. This...
Moderate, Unreviewed. CVE-2025-0331 was published Jan 9, 2025

The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in...
Critical, Unreviewed. CVE-2024-11350 was published Jan 8, 2025

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16...
Critical, Unreviewed. CVE-2023-7028 was published Jan 12, 2024

Keycloak Denial of Service via account lockout
Low. CVE-2024-1722 was published for org.keycloak:keycloak-services (Maven) Jun 12, 2024

CrushFTP 10 before 10.8.3 and 11 before 11.2.3 mishandles password reset, leading to account...
Critical, Unreviewed. CVE-2024-53552 was published Dec 10, 2024

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura...
Moderate, Unreviewed. CVE-2022-42807 was published Jun 23, 2023

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a weak mechanism for...
Critical, Unreviewed. CVE-2024-47547 was published Dec 6, 2024

This issue was addressed with improved state management. This issue is fixed in iOS 16.5 and...
Moderate, Unreviewed. CVE-2023-28202 was published Jun 23, 2023

The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account...
Critical, Unreviewed. CVE-2024-11103 was published Nov 28, 2024

The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable...
High, Unreviewed. CVE-2023-29145 was published Jun 30, 2023

The password reset function in ILIAS 7.0_beta1 through 7.20 and 8.0_beta1 through 8.1 allows...
Critical, Unreviewed. CVE-2023-36487 was published Jun 29, 2023

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in...
Critical, Unreviewed. CVE-2021-22763 was published May 24, 2022

Liferay Portal 7.2.0 through 7.3.5, and older unsupported versions, and Liferay DXP 7.3 before...
Moderate, Unreviewed. CVE-2021-29038 was published Feb 21, 2024

An issue in Olive VLE allows an attacker to obtain sensitive information via the reset password...
Critical, Unreviewed. CVE-2024-48428 was published Oct 25, 2024

IBM Security SOAR 51.0.1.0 and earlier contains a mechanism for users to recover or change their...
Moderate, Unreviewed. CVE-2024-45670 was published Nov 14, 2024