Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,479
Maven
5,000+
npm
5,000+
NuGet
886
pip
4,740
Pub
13
RubyGems
1,031
Rust
1,225
Swift
53
Unreviewed advisories
All unreviewed
5,000+

71 advisories

Loading
The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover... Critical Unreviewed
CVE-2025-3603 was published Apr 24, 2025
The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege... High Unreviewed
CVE-2025-3607 was published Apr 24, 2025
The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to,... Critical Unreviewed
CVE-2023-2449 was published Nov 22, 2023
The Appy Pie Connect for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation... Critical Unreviewed
CVE-2025-9286 was published Oct 3, 2025
The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up... High Unreviewed
CVE-2023-4214 was published Nov 18, 2023
Navicat for Oracle 12.1.15 contains a denial of service vulnerability that allows local attackers... Moderate Unreviewed
CVE-2019-25653 was published Mar 30, 2026
An issue in Daylight Studio FuelCMS v1.5.2 allows attackers to exfiltrate users' password reset... Critical Unreviewed
CVE-2026-30458 was published Mar 26, 2026
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication... High Unreviewed
CVE-2026-27757 was published Feb 27, 2026
EventSentry versions prior to 6.0.1.20 contain an unverified password change vulnerability in the... High Unreviewed
CVE-2026-24443 was published Feb 24, 2026
A vulnerability was identified in vichan-devel vichan up to 5.1.5. This vulnerability affects... Moderate Unreviewed
CVE-2026-2543 was published Feb 16, 2026
Aggie 2.6.1 has a Host Header injection vulnerability in the forgot password functionality,... High Unreviewed
CVE-2025-22381 was published Oct 16, 2025
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) allow account... High Unreviewed
CVE-2026-24440 was published Jan 26, 2026
A low-privileged user can bypass account credentials without confirming the user's current... High Unreviewed
CVE-2025-14751 was published Jan 23, 2026
Unverified Password Change vulnerability in Progress MOVEit Transfer on Windows (REST API modules... Low Unreviewed
CVE-2025-11235 was published Jan 7, 2026
IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow could an authenticated user to change the... High Unreviewed
CVE-2025-13148 was published Dec 11, 2025
Ibexa User Bundle is missing password change validation Critical
CVE-2025-67719 was published for ibexa/user (Composer) Dec 10, 2025
An unverified password change vulnerability [CWE-620] vulnerability in Fortinet FortiSOAR PaaS 7... Moderate Unreviewed
CVE-2025-59808 was published Dec 9, 2025
Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2... Critical Unreviewed
CVE-2025-63362 was published Dec 4, 2025
Flowise does not Prevent Bypass of Password Confirmation - Unverified Password Change High
GHSA-fjh6-8679-9pch was published for flowise-ui (npm) Nov 14, 2025
mbiesiad Credited to mbiesiad
Flowise doesn't Prevent Bypass of Password Confirmation through Unverified Email Change (credentials) High
GHSA-x39m-3393-3qp4 was published for flowise-ui (npm) Nov 14, 2025
mbiesiad Credited to mbiesiad
pimcore/admin-ui-classic-bundle Unverified Password Change Moderate
CVE-2023-5844 was published for pimcore/admin-ui-classic-bundle (Composer) Oct 31, 2023
Th3l0newolf Credited to Th3l0newolf and tjuyuxinzhang tjuyuxinzhang tjuyuxinzhang
The password change function at /cgi/admin.cgi does not require the current/old password, which... High Unreviewed
CVE-2024-28143 was published Dec 12, 2024
A Host Header Injection vulnerability in the password reset component in levlaz braindump v0.4.14... High Unreviewed
CVE-2025-61132 was published Oct 23, 2025
FelixRiddle dev-jobs-handlebars 1.0 uses absolute password-reset (magic) links using the... High Unreviewed
CVE-2025-61536 was published Oct 16, 2025
Improper authentication in zenml Low
CVE-2024-2213 was published for zenml (pip) Jun 6, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database