Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

125 advisories

Loading
DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and... Critical Unreviewed
CVE-2023-49443 was published Dec 8, 2023
EuroTel ETL3100 versions v01c01 and v01x37 does not limit the number of attempts to guess... Critical Unreviewed
CVE-2023-6928 was published Dec 20, 2023
Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web... Critical Unreviewed
CVE-2023-35039 was published Dec 7, 2023
kodbox 1.46.01 has a security flaw that enables user enumeration. This problem is present on the... Critical Unreviewed
CVE-2023-48028 was published Nov 18, 2023
Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined... Critical Unreviewed
CVE-2023-0574 was published Feb 9, 2023
The cookie session ID is of insufficient length and can be exploited by brute force, which may... Critical Unreviewed
CVE-2023-42769 was published Oct 26, 2023
Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily... Critical Unreviewed
CVE-2023-5754 was published Oct 26, 2023
Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake... Critical Unreviewed
CVE-2023-2675 was published Nov 13, 2023
AzuraCast missing brute force prevention Critical
CVE-2023-2531 was published for azuracast/azuracast (Composer) May 5, 2023
Froxlor vulnerable to Improper Restriction of Excessive Authentication Attempts Critical
CVE-2023-3173 was published for froxlor/froxlor (Composer) Jun 9, 2023
User login brute force protection functionality bypass Critical Unreviewed
CVE-2022-27516 was published Nov 9, 2022
web2py is vulnerable to password brute-force attack Critical
CVE-2016-10321 was published for web2py (pip) May 14, 2022
Pimcore 2FA Vulnerable to Brute Forcing Critical
CVE-2019-18985 was published for pimcore/pimcore (Composer) May 24, 2022
Authentication Bypass by Primary Weakness in GitHub repository kareadita/kavita prior to 0.6.0.3. Critical Unreviewed
CVE-2022-3993 was published Nov 14, 2022
Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake... Critical Unreviewed
CVE-2023-1665 was published Mar 28, 2023
Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that... Critical Unreviewed
CVE-2022-36413 was published Mar 23, 2023
Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior could bypass the brute force protection... Critical Unreviewed
CVE-2023-24020 was published Jan 31, 2023
A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3... Critical Unreviewed
CVE-2022-26314 was published Mar 9, 2022
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that... Critical Unreviewed
CVE-2022-22810 was published Feb 11, 2022
Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication... Critical Unreviewed
CVE-2022-22553 was published Jan 22, 2022
The code that performs password matching when using 'Basic' HTTP authentication does not use a... Critical Unreviewed
CVE-2021-43298 was published Jan 26, 2022
Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873... Critical Unreviewed
CVE-2021-41807 was published Jan 19, 2022
An issue in the user login box of LJCMS v1.11 allows attackers to hijack user accounts via brute... Critical Unreviewed
CVE-2020-21237 was published Dec 29, 2021
An issue in the user login box of CSCMS v4.0 allows attackers to hijack user accounts via brute... Critical Unreviewed
CVE-2020-21238 was published Dec 29, 2021
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in... Critical Unreviewed
CVE-2022-35846 was published Oct 18, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database