Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,732
Erlang
35
GitHub Actions
29
Go
2,310
Maven
5,000+
npm
3,949
NuGet
711
pip
3,728
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+

190 advisories

Loading
A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been... Critical Unreviewed
CVE-2023-0641 was published Feb 2, 2023
A CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain... Critical Unreviewed
CVE-2022-32513 was published Jan 31, 2023
Publify contains Weak Password Requirements Moderate
CVE-2023-0569 was published for publify_core (RubyGems) Jan 29, 2023
Froxlor contains Weak Password Requirements High
CVE-2023-0564 was published for froxlor/froxlor (Composer) Jan 29, 2023
phpMyFAQ has Weak Password Requirements Moderate
CVE-2023-0307 was published for thorsten/phpmyfaq (Composer) Jan 16, 2023
Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20181130-16:12) has a Weak... Critical Unreviewed
CVE-2022-44236 was published Dec 15, 2022
A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0... High Unreviewed
CVE-2021-39434 was published Dec 6, 2022
Lazy Mouse server enforces weak password requirements and doesn't implement rate limiting,... Critical Unreviewed
CVE-2022-45482 was published Dec 2, 2022
Siyucms v6.1.7 was discovered to contain a remote code execution (RCE) vulnerability in the... High Unreviewed
CVE-2022-43030 was published Nov 15, 2022
phpMyFAQ contains Weak Password Requirements Critical
CVE-2022-3754 was published for thorsten/phpmyfaq (Composer) Oct 29, 2022
etcd has no minimum password length Moderate
CVE-2020-15115 was published for go.etcd.io/etcd/client/v3 (Go) Oct 6, 2022
rdiffweb allows a new password to be the same as the previous password Moderate
CVE-2022-3376 was published for rdiffweb (pip) Oct 6, 2022
rdiffweb vulnerable to password complexity bypass leading to weak passwords Moderate
CVE-2022-3326 was published for rdiffweb (pip) Sep 30, 2022
Weak Password Requirements in GitHub repository ikus060/minarca prior to 4.2.2. Critical Unreviewed
CVE-2022-3268 was published Sep 23, 2022
rdiffweb contains Weak Password Requirements High
CVE-2022-3179 was published for rdiffweb (pip) Sep 14, 2022
Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain... Critical Unreviewed
CVE-2022-37164 was published Sep 9, 2022
Bminusl IHateToBudget v1.5.7 employs a weak password policy which allows attackers to potentially... Critical Unreviewed
CVE-2022-37163 was published Sep 9, 2022
HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password... High Unreviewed
CVE-2022-27558 was published Aug 29, 2022
RuoYi v3.8.3 has a Weak password vulnerability in the management system. Critical Unreviewed
CVE-2022-37158 was published Aug 26, 2022
Missing password strength check in notrinos/notrinos-erp High
CVE-2022-2927 was published for notrinos/notrinos-erp (Composer) Aug 23, 2022
Tabit - password enumeration. Description: Tabit - password enumeration. The passwords for the... High Unreviewed
CVE-2022-34772 was published Aug 23, 2022
Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain... Critical Unreviewed
CVE-2022-34615 was published Aug 20, 2022
Contract Management System v2.0 contains a weak default password which gives attackers to access... High Unreviewed
CVE-2022-35198 was published Aug 19, 2022
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not require that users should have... Critical Unreviewed
CVE-2022-35280 was published Aug 11, 2022
Raneto v0.17.0 employs weak password complexity requirements Critical
CVE-2022-35143 was published for raneto (npm) Aug 5, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database