Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,479
Maven
5,000+
npm
5,000+
NuGet
886
pip
4,740
Pub
13
RubyGems
1,031
Rust
1,225
Swift
53
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

60 advisories

Loading
Navicat for Oracle 12.1.15 contains a denial of service vulnerability that allows local attackers... Moderate Unreviewed
CVE-2019-25653 was published Mar 30, 2026
An issue in Daylight Studio FuelCMS v1.5.2 allows attackers to exfiltrate users' password reset... Critical Unreviewed
CVE-2026-30458 was published Mar 26, 2026
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication... High Unreviewed
CVE-2026-27757 was published Feb 27, 2026
EventSentry versions prior to 6.0.1.20 contain an unverified password change vulnerability in the... High Unreviewed
CVE-2026-24443 was published Feb 24, 2026
A vulnerability was identified in vichan-devel vichan up to 5.1.5. This vulnerability affects... Moderate Unreviewed
CVE-2026-2543 was published Feb 16, 2026
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) allow account... High Unreviewed
CVE-2026-24440 was published Jan 26, 2026
A low-privileged user can bypass account credentials without confirming the user's current... High Unreviewed
CVE-2025-14751 was published Jan 23, 2026
Unverified Password Change vulnerability in Progress MOVEit Transfer on Windows (REST API modules... Low Unreviewed
CVE-2025-11235 was published Jan 7, 2026
IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow could an authenticated user to change the... High Unreviewed
CVE-2025-13148 was published Dec 11, 2025
An unverified password change vulnerability [CWE-620] vulnerability in Fortinet FortiSOAR PaaS 7... Moderate Unreviewed
CVE-2025-59808 was published Dec 9, 2025
Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2... Critical Unreviewed
CVE-2025-63362 was published Dec 4, 2025
A Host Header Injection vulnerability in the password reset component in levlaz braindump v0.4.14... High Unreviewed
CVE-2025-61132 was published Oct 23, 2025
FelixRiddle dev-jobs-handlebars 1.0 uses absolute password-reset (magic) links using the... High Unreviewed
CVE-2025-61536 was published Oct 16, 2025
Aggie 2.6.1 has a Host Header injection vulnerability in the forgot password functionality,... High Unreviewed
CVE-2025-22381 was published Oct 16, 2025
The Appy Pie Connect for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation... Critical Unreviewed
CVE-2025-9286 was published Oct 3, 2025
An authentication bypass vulnerability allows remote attackers to gain administrative privileges... Critical Unreviewed
CVE-2025-10159 was published Sep 9, 2025
CWE-620: Unverified Password Change Moderate Unreviewed
CVE-2025-46389 was published Aug 6, 2025
The Sala - Startup & SaaS WordPress Theme theme for WordPress is vulnerable to privilege... Critical Unreviewed
CVE-2025-4606 was published Jul 9, 2025
The DWT - Directory & Listing WordPress Theme theme for WordPress is vulnerable to privilege... Critical Unreviewed
CVE-2024-12827 was published Jun 27, 2025
A vulnerability was found in UTT 进取 750W up to 5.0 and classified as critical. Affected by this... Moderate Unreviewed
CVE-2025-6097 was published Jun 16, 2025
The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is... High Unreviewed
CVE-2025-5482 was published Jun 4, 2025
The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all... Critical Unreviewed
CVE-2025-4322 was published May 20, 2025
A vulnerability, which was classified as critical, was found in D-Link DI-7003GV2 24.04.18D1 R... Moderate Unreviewed
CVE-2025-4903 was published May 19, 2025
An authenticated user attempting to change their password could do so without using the current... Low Unreviewed
CVE-2025-46748 was published May 12, 2025
The GPM from WormHole Tech has an Unverified Password Change vulnerability, allowing... Critical Unreviewed
CVE-2025-4558 was published May 12, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database