Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,362
Erlang
33
GitHub Actions
22
Go
2,134
Maven
5,000+
npm
3,797
NuGet
687
pip
3,473
Pub
12
RubyGems
896
Rust
897
Swift
38
Unreviewed advisories
All unreviewed
5,000+

328 advisories

Loading
No protection against brute-force attacks on login page High
CVE-2023-25156 was published for kiwitcms (pip) Feb 15, 2023
Dell SupportAssist contains a rate limit bypass issues in screenmeet API third party component.... Moderate Unreviewed
CVE-2022-34389 was published Feb 11, 2023
Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined... Critical Unreviewed
CVE-2023-0574 was published Feb 9, 2023
Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior could bypass the brute force protection... Critical Unreviewed
CVE-2023-24020 was published Jan 31, 2023
Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency. High Unreviewed
CVE-2023-22960 was published Jan 23, 2023
HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced.... High Unreviewed
CVE-2021-27782 was published Jan 20, 2023
An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Part of the application... High Unreviewed
CVE-2022-38491 was published Jan 10, 2023
usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts Moderate
CVE-2022-4797 was published for github.com/usememos/memos (Go) Dec 28, 2022
Weak password derivation for export in Devolutions Remote Desktop Manager before 2022.1 allows... High Unreviewed
CVE-2022-26964 was published Dec 26, 2022
Planet eStream before 6.72.10.07 allows a low-privileged user to gain access to administrative... High Unreviewed
CVE-2022-45893 was published Dec 25, 2022
The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network... High Unreviewed
CVE-2022-23746 was published Nov 30, 2022
wger vulnerable to brute force attempts Critical
CVE-2022-2650 was published for wger (pip) Nov 24, 2022
Maarch RM 2.8.3 solution contains an improper restriction of excessive authentication attempts... High Unreviewed
CVE-2022-37772 was published Nov 23, 2022
Improper Restriction of Excessive Authentication Attempts in GitHub repository mastodon/mastodon... Critical Unreviewed
CVE-2022-2166 was published Nov 16, 2022
A vulnerability, which was classified as problematic, has been found in WBCE CMS. Affected by... High Unreviewed
CVE-2022-4006 was published Nov 16, 2022
Authentication Bypass by Primary Weakness in GitHub repository kareadita/kavita prior to 0.6.0.3. Critical Unreviewed
CVE-2022-3993 was published Nov 14, 2022
Improper Restriction of Excessive Authentication Attempts in GitHub repository kareadita/kavita... Moderate Unreviewed
CVE-2022-3945 was published Nov 11, 2022
User login brute force protection functionality bypass Critical Unreviewed
CVE-2022-27516 was published Nov 9, 2022
PwnDoc through 0.5.3 might allow remote attackers to identify valid user account names by... Moderate Unreviewed
CVE-2022-44022 was published Oct 30, 2022
PwnDoc through 0.5.3 might allow remote attackers to identify disabled user account names by... Moderate Unreviewed
CVE-2022-44023 was published Oct 30, 2022
Impact varies for each individual vulnerability in the application. For generation of accounts,... Critical Unreviewed
CVE-2022-3741 was published Oct 28, 2022
Kirby CMS vulnerable to user enumeration in the code-based login and password reset forms Moderate
CVE-2022-39314 was published for getkirby/cms (Composer) Oct 18, 2022
florianmrz
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in... Critical Unreviewed
CVE-2022-35846 was published Oct 18, 2022
An issue in GX Group GPON ONT Titanium 2122A T2122-V1.26EXL allows attackers to escalate... Critical Unreviewed
CVE-2022-40055 was published Oct 17, 2022
Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a bruteforce vulnerability. A remote... Critical Unreviewed
CVE-2022-31228 was published Oct 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database