Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

158 advisories

Loading
phpMyFAQ has Weak Password Requirements Moderate
CVE-2023-0307 was published for thorsten/phpmyfaq (Composer) Jan 16, 2023
Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20181130-16:12) has a Weak... Critical Unreviewed
CVE-2022-44236 was published Dec 15, 2022
A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0... High Unreviewed
CVE-2021-39434 was published Dec 6, 2022
Lazy Mouse server enforces weak password requirements and doesn't implement rate limiting,... Critical Unreviewed
CVE-2022-45482 was published Dec 2, 2022
Siyucms v6.1.7 was discovered to contain a remote code execution (RCE) vulnerability in the... High Unreviewed
CVE-2022-43030 was published Nov 15, 2022
phpMyFAQ contains Weak Password Requirements Critical
CVE-2022-3754 was published for thorsten/phpmyfaq (Composer) Oct 29, 2022
etcd has no minimum password length Moderate
CVE-2020-15115 was published for go.etcd.io/etcd/client/v3 (Go) Oct 6, 2022
rdiffweb allows a new password to be the same as the previous password Moderate
CVE-2022-3376 was published for rdiffweb (pip) Oct 6, 2022
rdiffweb vulnerable to password complexity bypass leading to weak passwords Moderate
CVE-2022-3326 was published for rdiffweb (pip) Sep 30, 2022
Weak Password Requirements in GitHub repository ikus060/minarca prior to 4.2.2. Critical Unreviewed
CVE-2022-3268 was published Sep 23, 2022
rdiffweb 2.4.1 contains Weak Password Requirements High
CVE-2022-3179 was published for rdiffweb (pip) Sep 14, 2022
Bminusl IHateToBudget v1.5.7 employs a weak password policy which allows attackers to potentially... Critical Unreviewed
CVE-2022-37163 was published Sep 9, 2022
Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain... Critical Unreviewed
CVE-2022-37164 was published Sep 9, 2022
HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password... High Unreviewed
CVE-2022-27558 was published Aug 29, 2022
RuoYi v3.8.3 has a Weak password vulnerability in the management system. Critical Unreviewed
CVE-2022-37158 was published Aug 26, 2022
Missing password strength check in notrinos/notrinos-erp High
CVE-2022-2927 was published for notrinos/notrinos-erp (Composer) Aug 23, 2022
Tabit - password enumeration. Description: Tabit - password enumeration. The passwords for the... High Unreviewed
CVE-2022-34772 was published Aug 23, 2022
Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain... Critical Unreviewed
CVE-2022-34615 was published Aug 20, 2022
Contract Management System v2.0 contains a weak default password which gives attackers to access... High Unreviewed
CVE-2022-35198 was published Aug 19, 2022
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not require that users should have... Critical Unreviewed
CVE-2022-35280 was published Aug 11, 2022
Raneto v0.17.0 employs weak password complexity requirements Critical
CVE-2022-35143 was published for raneto (npm) Aug 5, 2022
BF-OS version 3.x up to and including 3.83 do not enforce strong passwords which may allow a... High Unreviewed
CVE-2022-36301 was published Aug 2, 2022
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank root password for TELNET... Critical Unreviewed
CVE-2022-31211 was published Jul 18, 2022
On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices,... High Unreviewed
CVE-2022-28377 was published Jul 15, 2022
Weak default root user credentials allow remote attackers to easily obtain OS superuser... Critical Unreviewed
CVE-2022-1668 was published Jun 25, 2022
ProTip! Advisories are also available from the GraphQL API