GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
51 advisories
In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new...
Critical | Unreviewed | CVE-2023-49238 was published Jan 9, 2024

An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to gain...
Critical | Unreviewed | CVE-2023-24049 was published Dec 5, 2023

An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via...
Critical | Unreviewed | CVE-2023-29974 was published Nov 8, 2023

HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the...
Critical | Unreviewed | CVE-2023-37503 was published Oct 19, 2023

I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for...
Critical | Unreviewed | CVE-2023-37756 was published Sep 14, 2023

There are no requirements for setting a complex password for PiiGAB M-Bus, which...
Critical | Unreviewed | CVE-2023-34995 was published Jul 7, 2023

Apache InLong has Weak Password Requirements in Apache InLong
Critical | CVE-2023-31098 was published for org.apache.inlong:manager-pojo (Maven) Jul 6, 2023

A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been...
Critical | Unreviewed | CVE-2023-0641 was published Feb 2, 2023

A CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain...
Critical | Unreviewed | CVE-2022-32513 was published Jan 31, 2023

Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20181130-16:12) has a Weak...
Critical | Unreviewed | CVE-2022-44236 was published Dec 15, 2022

Lazy Mouse server enforces weak password requirements and doesn't implement rate limiting,...
Critical | Unreviewed | CVE-2022-45482 was published Dec 2, 2022

phpMyFAQ contains Weak Password Requirements
Critical | CVE-2022-3754 was published for thorsten/phpmyfaq (Composer) Oct 29, 2022

Weak Password Requirements in GitHub repository ikus060/minarca prior to 4.2.2.
Critical | Unreviewed | CVE-2022-3268 was published Sep 23, 2022

Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain...
Critical | Unreviewed | CVE-2022-37164 was published Sep 9, 2022

Bminusl IHateToBudget v1.5.7 employs a weak password policy which allows attackers to potentially...
Critical | Unreviewed | CVE-2022-37163 was published Sep 9, 2022

RuoYi v3.8.3 has a Weak password vulnerability in the management system.
Critical | Unreviewed | CVE-2022-37158 was published Aug 26, 2022

Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain...
Critical | Unreviewed | CVE-2022-34615 was published Aug 20, 2022

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not require that users should have...
Critical | Unreviewed | CVE-2022-35280 was published Aug 11, 2022

Raneto v0.17.0 employs weak password complexity requirements
Critical | CVE-2022-35143 was published for raneto (npm) Aug 5, 2022

An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank root password for TELNET...
Critical | Unreviewed | CVE-2022-31211 was published Jul 18, 2022

Weak default root user credentials allow remote attackers to easily obtain OS superuser...
Critical | Unreviewed | CVE-2022-1668 was published Jun 25, 2022

Weak Password Requirements in GitHub repository kromitgmbh/titra prior to 0.78.1.
Critical | Unreviewed | CVE-2022-2098 was published Jun 17, 2022

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 does not enforce an efficient...
Critical | Unreviewed | CVE-2021-38462 was published May 24, 2022

The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, and...
Critical | Unreviewed | CVE-2021-35498 was published May 24, 2022

ECOA BAS controller uses weak set of default administrative credentials that can be easily...
Critical | Unreviewed | CVE-2021-41296 was published May 24, 2022