GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
224 advisories
An issue was discovered in Gambio 4.9.2.0 (patched in 2024-02 v1.0.0 for GX4 v4.0.0.0 to v4.9.2.0...
Critical | Unreviewed | CVE-2026-34408 was published May 5, 2026

AzuraCast has Password Reset Poisoning via Untrusted X-Forwarded-Host Header that Leads to Account Takeover and 2FA Bypass
High | CVE-2026-42606 was published for azuracast/azuracast (Composer) May 4, 2026

phpBB before 3.3.16 is vulnerable to Host Header Injection that can lead to password reset link...
High | Unreviewed | CVE-2026-29199 was published May 4, 2026

A vulnerability was determined in D-Link M60 up to 1.20B02. Affected by this issue is some...
Low | Unreviewed | CVE-2026-7554 was published May 1, 2026

Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An...
Moderate | Unreviewed | CVE-2025-36579 was published Apr 16, 2026

An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated...
High | Unreviewed | CVE-2026-30459 was published Apr 16, 2026

Payload: Pre-Authentication Account Takeover via Parameter Injection in Password Recovery
Critical | CVE-2026-34751 was published for @payloadcms/graphql (npm) Apr 1, 2026

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Unvalidated...
Moderate | Unreviewed | CVE-2026-4136 was published Mar 20, 2026

Incorrect Access Control via activation token reuse on the password-reset endpoint allowing...
Critical | Unreviewed | CVE-2025-69614 was published Mar 10, 2026

IRRd: web UI host header injection allows password reset poisoning via attacker-controlled email links
High | CVE-2026-28681 was published for irrd (pip) Mar 4, 2026

Vikunja Vulnerable to Account Takeover via Password Reset Token Reuse
Critical | CVE-2026-28268 was published for code.vikunja.io/api (Go) Feb 28, 2026

Statamic is vulnerable to account takeover via password reset link injection
Critical | CVE-2026-27593 was published for statamic/cms (Composer) Feb 24, 2026

funadmin has Weak Password Recovery Mechanism for Forgotten Password
Low | CVE-2026-2895 was published for funadmin/funadmin (Composer) Feb 22, 2026

A security flaw has been discovered in Intelbras VIP 3260 Z IA 2.840.00IB005.0.T. Affected by...
Critical | Unreviewed | CVE-2026-2564 was published Feb 16, 2026

Known affected by Account Takeover via Password Reset Token Leakage
Critical | CVE-2026-26273 was published for idno/known (Composer) Feb 13, 2026

AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to...
High | Unreviewed | CVE-2020-37158 was published Feb 11, 2026

AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to...
High | Unreviewed | CVE-2020-37172 was published Feb 11, 2026

macrozheng mall version 1.0.3 and prior contains an authentication vulnerability in the mall...
Critical | Unreviewed | CVE-2026-25858 was published Feb 8, 2026

A security flaw has been discovered in Sangfor Operation and Maintenance Security Management...
Moderate | Unreviewed | CVE-2026-1325 was published Jan 22, 2026

Beehive Forum 1.5.2 contains a host header injection vulnerability in the forgot password...
High | Unreviewed | CVE-2022-50910 was published Jan 14, 2026

A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7...
Critical | Unreviewed | CVE-2025-63314 was published Jan 12, 2026

A security vulnerability has been detected in Uasoft badaso up to 2.9.7. Affected is the function...
Moderate | Unreviewed | CVE-2025-15398 was published Jan 1, 2026

The Easy Digital Downloads plugin for WordPress is vulnerable to Unvalidated Redirect in all...
Moderate | Unreviewed | CVE-2025-14783 was published Dec 31, 2025

LDAP Tool Box Self Service Password 1.5.2 contains a password reset vulnerability that allows...
High | Unreviewed | CVE-2023-53958 was published Dec 19, 2025

A vulnerability was identified in Shenzhen Sixun Software Sixun Shanghui Group Business...
Moderate | Unreviewed | CVE-2025-14696 was published Dec 15, 2025