Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

389 advisories

Loading
IBM BigFix Platform 9.2 and 9.5 uses an inadequate account lockout setting that could allow a... Critical Unreviewed
CVE-2018-1475 was published May 13, 2022
A vulnerability in the Gleez CMS 1.2.0 login page could allow an unauthenticated, remote attacker... Moderate Unreviewed
CVE-2018-16703 was published May 13, 2022
An issue was discovered in app/Controller/UsersController.php in MISP 2.4.92. An adversary can... Critical Unreviewed
CVE-2018-12649 was published May 13, 2022
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to conduct brute-force... Critical Unreviewed
CVE-2018-12993 was published May 13, 2022
An Improper Restriction of Excessive Authentication Attempts issue was discovered in Rockwell... Critical Unreviewed
CVE-2017-7898 was published May 13, 2022
htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through... High Unreviewed
CVE-2017-14423 was published May 13, 2022
IBM BigFix Compliance (TEMA SUAv1 SCA SCM) uses an inadequate account lockout setting that could... Critical Unreviewed
CVE-2017-1197 was published May 13, 2022
phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in... Critical Unreviewed
CVE-2017-11187 was published May 13, 2022
An improper restriction of excessive authentication attempts vulnerability in /principals in... Critical Unreviewed
CVE-2017-15887 was published May 13, 2022
An Improper Restriction of Excessive Authentication Attempts issue was discovered in Moxa OnCell... Critical Unreviewed
CVE-2017-7915 was published May 13, 2022
When the device is configured to perform account lockout with a defined period of time, any... Moderate Unreviewed
CVE-2017-10604 was published May 13, 2022
Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior... Critical Unreviewed
CVE-2018-11082 was published May 13, 2022
Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24 contain an insecure method... Critical Unreviewed
CVE-2018-15759 was published May 13, 2022
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses an inadequate account lockout... Critical Unreviewed
CVE-2018-1373 was published May 13, 2022
An issue in GX Group GPON ONT Titanium 2122A T2122-V1.26EXL allows attackers to escalate... Critical Unreviewed
CVE-2022-40055 was published Oct 17, 2022
An Improper Restriction of Excessive Authentication Attempts issue was discovered in Belden... Critical Unreviewed
CVE-2018-5469 was published May 13, 2022
Due to insufficient server-side login-attempt limit enforcement, a vulnerability in /account... Critical Unreviewed
CVE-2021-37934 was published Dec 11, 2021
Missing Rate Limiting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase®... Critical Unreviewed
CVE-2021-42544 was published Dec 1, 2021
IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting... High Unreviewed
CVE-2021-38890 was published Nov 24, 2021
An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX (e.g., RUT950) R_31.04.89 before... Critical Unreviewed
CVE-2018-19879 was published May 13, 2022
index.php?r=site%2Flogin in EduSec through 4.2.6 does not restrict sending a series of LoginForm... Critical Unreviewed
CVE-2018-19548 was published May 13, 2022
Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication... Critical Unreviewed
CVE-2019-6524 was published May 13, 2022
IBM Security Directory Server 6.4.0 uses an inadequate account lockout setting that could allow a... High Unreviewed
CVE-2019-4520 was published May 24, 2022
If REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks. The... High Unreviewed
CVE-2019-0039 was published May 13, 2022
Zammad 5.2.0 is vulnerable to privilege escalation. Zammad has a prevention against brute-force... Critical Unreviewed
CVE-2022-35490 was published Aug 9, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database