Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,656
Maven
5,000+
npm
4,284
NuGet
760
pip
4,069
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

194 advisories

Loading
Shopware 6's password recovery link does not expire after email change Moderate
GHSA-2w46-vq8h-98vh was published for shopware/core (Composer) Nov 14, 2025
FlorianKe
Credited to FlorianKe
EIP Plus developed by Hundred Plus has a Weak Password Recovery Mechanism vulnerability, allowing... Critical Unreviewed
CVE-2025-12866 was published Nov 10, 2025
ZITADEL Vulnerable to Account Takeover via Malicious Forwarded Header Injection High
CVE-2025-64101 was published for github.com/zitadel/zitadel/v2 (Go) Oct 29, 2025
amit-laish livio-a
IAM-marco
Credited to amit-laish, livio-a, and IAM-marco
A weak password recovery mechanism for forgotten password vulnerability was discovered in... High Unreviewed
CVE-2025-61977 was published Oct 24, 2025
Creativeitem Academy LMS up to and including 5.13 uses predictable password reset tokens based on... Moderate Unreviewed
CVE-2025-56748 was published Oct 15, 2025
VMware NSX contains a weak password recovery mechanism vulnerability. An unauthenticated... High Unreviewed
CVE-2025-41251 was published Sep 29, 2025
A vulnerability has been found in Wavlink WL-WN578W2 221110. The affected element is an unknown... Moderate Unreviewed
CVE-2025-10322 was published Sep 12, 2025
Daikin Security Gateway is vulnerable to an authorization bypass through a user-controlled key... High Unreviewed
CVE-2025-10127 was published Sep 11, 2025
Weak Password Recovery Mechanism for Forgotten Password vulnerability in Hossein Material... Critical Unreviewed
CVE-2025-32486 was published Sep 9, 2025
A vulnerability in the password reset workflow of the Touch Lebanon Mobile App 2.20.2 allows an... High Unreviewed
CVE-2025-50503 was published Aug 20, 2025
Firefox for iOS would not respect a Content-Disposition header of type Attachment and would... Moderate Unreviewed
CVE-2025-55030 was published Aug 19, 2025
An issue was discovered in /Code/Websites/DanpheEMR/Controllers/Settings... Critical Unreviewed
CVE-2025-50594 was published Aug 13, 2025
A vulnerability classified as problematic was found in jshERP up to 3.5. Affected by this... Moderate Unreviewed
CVE-2025-7948 was published Jul 22, 2025
A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. It has been declared... Moderate Unreviewed
CVE-2025-7881 was published Jul 20, 2025
IBM Engineering Requirements Management DOORS 9.7.2.9, under certain configurations, could allow... Moderate Unreviewed
CVE-2024-43190 was published Jul 7, 2025
flask-boilerplate through a170e7c allows account takeover via the password reset feature because... Critical Unreviewed
CVE-2025-43931 was published Jul 7, 2025
JobCenter through 7e7b0b2 allows account takeover via the password reset feature because... Critical Unreviewed
CVE-2025-43932 was published Jul 7, 2025
Allegra calculateTokenExpDate Password Recovery Authentication Bypass Vulnerability. This... Critical Unreviewed
CVE-2025-6216 was published Jun 23, 2025
Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gilblas Ngunte Possi PSW... Critical Unreviewed
CVE-2025-47646 was published May 23, 2025
Weak Password Recovery Mechanism for Forgotten Password vulnerability in videowhisper Paid... Critical Unreviewed
CVE-2025-31380 was published Apr 17, 2025
The BoomBox Theme Extensions plugin for WordPress is vulnerable to privilege escalation via... High Unreviewed
CVE-2024-12295 was published Mar 19, 2025
This vulnerability exists in the CAP back office application due to a weak password-reset... High Unreviewed
CVE-2025-29995 was published Mar 13, 2025
A vulnerability was found in PHPGurukul Online Library Management System 3.0. It has been... Low Unreviewed
CVE-2025-2093 was published Mar 8, 2025
The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for... High Unreviewed
CVE-2025-1570 was published Feb 28, 2025
Improper password reset in PAM Module in Devolutions Server 2024.3.10.0 and earlier allows an... Moderate Unreviewed
CVE-2025-1231 was published Feb 11, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database