Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

389 advisories

Loading
Improper Restriction of Excessive Authentication Attempts vulnerability in BG-TEK Coslat Hotspot... Moderate Unreviewed
CVE-2025-1496 was published Mar 20, 2025
Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability... Moderate Unreviewed
CVE-2024-1345 was published Feb 19, 2024
A lack of rate limiting in the login page of Safe App version a3.0.9 allows attackers to bypass... Critical Unreviewed
CVE-2025-25595 was published Mar 18, 2025
Unauthorised access to the call forwarding service system in MeetMe products in versions prior to... Moderate Unreviewed
CVE-2025-2911 was published Mar 28, 2025
Lack of protection against brute force attacks in Valmet DNA visualization in DNA Operate. The... High Unreviewed
CVE-2025-0417 was published Apr 1, 2025
Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency. High Unreviewed
CVE-2023-22960 was published Jan 23, 2023
CasaOS Improper Restriction of Excessive Authentication Attempts vulnerability High
CVE-2024-24767 was published for github.com/IceWhaleTech/CasaOS-UserService (Go) Mar 6, 2024
DrDark1999
A vulnerability classified as problematic was found in ScriptAndTools eCommerce-website-in-PHP 3... Moderate Unreviewed
CVE-2025-3556 was published Apr 14, 2025
Planet eStream before 6.72.10.07 allows a low-privileged user to gain access to administrative... High Unreviewed
CVE-2022-45893 was published Dec 25, 2022
Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code... Moderate Unreviewed
CVE-2025-3129 was published Apr 3, 2025
A vulnerability classified as problematic has been found in ScriptAndTools eCommerce-website-in... Moderate Unreviewed
CVE-2025-3555 was published Apr 14, 2025
An attacker can decrypt the Ovarro TBox login password by communication capture and brute force... Critical Unreviewed
CVE-2021-22640 was published Jul 29, 2022
Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication... Critical Unreviewed
CVE-2016-9124 was published May 13, 2022
A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could... High Unreviewed
CVE-2017-12316 was published May 13, 2022
This vulnerability exists in Meon KYC solutions due to missing restrictions on the number of... High Unreviewed
CVE-2025-42600 was published Apr 23, 2025
Aiphone GT-DMB-N 3-in-1 Video Entrance Station with NFC Reader 1.0.3 does not mitigate against... High Unreviewed
CVE-2022-40903 was published Nov 15, 2022
Agentflow from Flowring Technology has an Account Lockout Bypass vulnerability, allowing... Critical Unreviewed
CVE-2025-3709 was published May 2, 2025
Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows... Critical Unreviewed
CVE-2023-27172 was published Dec 20, 2023
A vulnerability in the Cisco IOx application hosting environment of Cisco IOS Software and Cisco... Moderate Unreviewed
CVE-2025-20196 was published May 7, 2025
An unauthenticated user could discover account credentials via a brute-force attack without rate... High Unreviewed
CVE-2025-46739 was published May 12, 2025
An issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions... High Unreviewed
CVE-2022-3031 was published Oct 17, 2022
An issue in the userId parameter in the change password function of Flytxt NEON-dX v0.0.1... Moderate Unreviewed
CVE-2023-34732 was published May 12, 2025
RAGFlow through 0.18.1 allows account takeover because it is possible to conduct successful brute... Critical Unreviewed
CVE-2025-48187 was published May 17, 2025
Password guessing limits could be bypassed when using LDAP authentication. High Unreviewed
CVE-2025-48014 was published May 20, 2025
An issue was discovered on Innovaphone PBX before 14r1 devices. The password form, used to... Moderate Unreviewed
CVE-2024-24721 was published Feb 27, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database