Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

389 advisories

Loading
There is no limit on the number of failed login attempts permitted with the Clinician Password or... Critical Unreviewed
CVE-2024-9832 was published Nov 14, 2024
phpIPAM version 1.5.1 contains a vulnerability where an attacker can bypass the IP block... Moderate Unreviewed
CVE-2024-0787 was published Nov 15, 2024
ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass High
CVE-2024-32868 was published for github.com/zitadel/zitadel (Go) Apr 25, 2024
livio-a Skelmis
itz-d0dgy amit-laish muhlemmer peintnermax
Logsign Unified SecOps Platform Authentication Bypass Vulnerability. This vulnerability allows... High Unreviewed
CVE-2024-5716 was published Nov 22, 2024
Dell Wyse Management Suite, versions WMS 4.4 and prior, contain an Improper Restriction of... High Unreviewed
CVE-2024-49597 was published Nov 26, 2024
A vulnerability exists in NSD570 login panel that does not restrict excessive authentication... Moderate Unreviewed
CVE-2024-9928 was published Nov 26, 2024
An issue in the BYD Dilink Headunit System v3.0 to v4.0 allows attackers to bypass authentication... Critical Unreviewed
CVE-2024-46442 was published Dec 10, 2024
Dell RecoverPoint for Virtual Machines 6.0.x contains a vulnerability. An improper Restriction of... Moderate Unreviewed
CVE-2024-38488 was published Dec 13, 2024
Trend Micro ID Security, version 3.0 and below contains a vulnerability that could allow an... Moderate Unreviewed
CVE-2024-53647 was published Dec 31, 2024
JATOS 3.9.4 contains a denial-of-service (DoS) vulnerability in the authentication system, where... High Unreviewed
CVE-2024-55008 was published Jan 7, 2025
Bypassing Brute Force Protection via Application Crash and In-Memory Data Loss Critical
CVE-2024-21652 was published for github.com/argoproj/argo-cd/v2 (Go) Mar 18, 2024
nadava669 pasha-codefresh
jannfis crenshaw-dev todaywasawesome
ENTAB ERP 1.0 allows attackers to discover users' full names via a brute force attack with a... Moderate Unreviewed
CVE-2022-30076 was published Apr 16, 2023
An Improper Restriction of Excessive Authentication Attempts vulnerability in Juniper Networks... Moderate Unreviewed
CVE-2024-30390 was published Apr 12, 2024
Withdrawn Advisory: Sylius allows unrestricted brute-force attacks on user accounts Moderate
CVE-2024-57610 was published for sylius/sylius (Composer) Feb 6, 2025 withdrawn
GSadee
KioWare for Windows (versions all through 8.35) allows to brute force the PIN number, which... Moderate Unreviewed
CVE-2024-3461 was published May 14, 2024
Improper Restriction of Excessive Authentication Attempts vulnerability in Rameez Iqbal Real... Moderate Unreviewed
CVE-2025-22645 was published Feb 18, 2025
Authelia applies regulation separately to Username-based logins to Email-based logins Low
CVE-2025-24806 was published for github.com/authelia/authelia/v4 (Go) Feb 19, 2025
tsschaffert Ahrdie
caesarakalaeii
A vulnerability was found in Excitel Broadband Private my Excitel App 3.13.0 on Android. It has... Moderate Unreviewed
CVE-2025-1629 was published Feb 24, 2025
Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate... Critical Unreviewed
CVE-2023-27100 was published Mar 23, 2023
IBM Concert Software 1.0.5 uses an inadequate account lockout setting that could allow a remote... High Unreviewed
CVE-2024-51476 was published Mar 6, 2025
Flask-AppBuilder Has No Rate Limiting on Login AUTH DB High
CVE-2023-29005 was published for Flask-AppBuilder (pip) Apr 10, 2023
A lack of rate limiting on the password reset endpoint of Chamberlain myQ v5.222.0.32277 (on iOS)... Critical Unreviewed
CVE-2023-24080 was published Feb 22, 2023
HCL MyXalytics is affected by concurrent login vulnerability. A concurrent login vulnerability... Low Unreviewed
CVE-2024-42176 was published Mar 19, 2025
Easy!Appointments Improper Restriction of Excessive Authentication Attempts Critical
CVE-2024-57602 was published for alextselegidis/easyappointments (Composer) Feb 13, 2025
langgenius/dify version v0.10.1 contains a vulnerability where there are no limits applied to the... High Unreviewed
CVE-2024-12039 was published Mar 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database