Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,311
Maven
5,000+
npm
3,949
NuGet
711
pip
3,729
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+

43 advisories

Loading
TYPO3 Unverified Password Change for Backend Users Low
CVE-2025-47938 was published for typo3/cms-core (Composer) May 20, 2025
bnf
The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all... Critical Unreviewed
CVE-2025-4322 was published May 20, 2025
A vulnerability, which was classified as critical, was found in D-Link DI-7003GV2 24.04.18D1 R... Moderate Unreviewed
CVE-2025-4903 was published May 19, 2025
An authenticated user attempting to change their password could do so without using the current... Low Unreviewed
CVE-2025-46748 was published May 12, 2025
The GPM from WormHole Tech has an Unverified Password Change vulnerability, allowing... Critical Unreviewed
CVE-2025-4558 was published May 12, 2025
A vulnerability has been found in ContiNew Admin up to 3.6.0 and classified as problematic.... Moderate Unreviewed
CVE-2025-4552 was published May 12, 2025
The IMITHEMES Listing plugin is vulnerable to privilege escalation via account takeover in all... Critical Unreviewed
CVE-2025-2253 was published May 9, 2025
Unverified Password Change for ANC software that allows an authenticated attacker to bypass the... Low Unreviewed
CVE-2024-47784 was published Apr 30, 2025
The Buddypress Force Password Change plugin for WordPress is vulnerable to authenticated account... Moderate Unreviewed
CVE-2025-3793 was published Apr 24, 2025
The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover... Critical Unreviewed
CVE-2025-3603 was published Apr 24, 2025
The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege... High Unreviewed
CVE-2025-3607 was published Apr 24, 2025
A vulnerability classified as problematic was found in YXJ2018 SpringBoot-Vue-OnlineExam 1.0.... Moderate Unreviewed
CVE-2025-3849 was published Apr 22, 2025
A unverified password change vulnerability in Fortinet FortiSwitch GUI may allow a remote... Critical Unreviewed
CVE-2024-48887 was published Apr 8, 2025
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web... Moderate Unreviewed
CVE-2024-41796 was published Apr 8, 2025
The Exertio Framework plugin for WordPress is vulnerable to privilege escalation via account... High Unreviewed
CVE-2024-13373 was published Mar 1, 2025
The Nokri – Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation... Critical Unreviewed
CVE-2024-12824 was published Mar 1, 2025
The CarSpot – Dealership Wordpress Classified Theme theme for WordPress is vulnerable to... Critical Unreviewed
CVE-2024-12860 was published Feb 18, 2025
Unverified password change vulnerability in Janto, versions prior to r12. This could allow an... Critical Unreviewed
CVE-2025-1107 was published Feb 7, 2025
IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0... Moderate Unreviewed
CVE-2024-45647 was published Jan 20, 2025
The Adifier System plugin for WordPress is vulnerable to privilege escalation via account... Critical Unreviewed
CVE-2024-13375 was published Jan 18, 2025
The password change function at /cgi/admin.cgi does not require the current/old password, which... High Unreviewed
CVE-2024-28143 was published Dec 12, 2024
OctoPrint has API key access in settings without reauthentication Moderate
CVE-2024-51493 was published for OctoPrint (pip) Nov 5, 2024
jacopotediosi
The LevelOne WBR-6012 router's web application has a vulnerability in its firmware version R0... Critical Unreviewed
CVE-2024-33699 was published Oct 30, 2024
The BA Book Everything plugin for WordPress is vulnerable to arbitrary password reset in all... Moderate Unreviewed
CVE-2024-8794 was published Sep 24, 2024
A unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2... Moderate Unreviewed
CVE-2024-21757 was published Aug 13, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database