Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

389 advisories

Loading
A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that... High Unreviewed
CVE-2021-22818 was published Jan 29, 2022
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that... Critical Unreviewed
CVE-2022-22810 was published Feb 11, 2022
A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows... Moderate Unreviewed
CVE-2022-25820 was published Mar 11, 2022
A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3... Critical Unreviewed
CVE-2022-26314 was published Mar 9, 2022
HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced.... High Unreviewed
CVE-2021-27782 was published Jan 20, 2023
Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior could bypass the brute force protection... Critical Unreviewed
CVE-2023-24020 was published Jan 31, 2023
Dell SupportAssist contains a rate limit bypass issues in screenmeet API third party component.... Moderate Unreviewed
CVE-2022-34389 was published Feb 11, 2023
Improper Restriction of Excessive Authentication Attempts in modoboa High
CVE-2023-0860 was published for modoboa (pip) Feb 16, 2023
No protection against brute-force attacks on login page High
CVE-2023-25156 was published for kiwitcms (pip) Feb 15, 2023
XWiki Platform packages Expose Sensitive Information to an Unauthorized Actor High
CVE-2023-26476 was published for org.xwiki.platform:xwiki-platform-livetable-ui (Maven) Mar 3, 2023
SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an... High Unreviewed
CVE-2023-1101 was published Mar 3, 2023
A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet... Moderate Unreviewed
CVE-2023-26208 was published Mar 9, 2023
A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet... Moderate Unreviewed
CVE-2023-26209 was published Mar 9, 2023
A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet... Moderate Unreviewed
CVE-2022-29056 was published Mar 9, 2023
Answer has Guessable CAPTCHA Moderate
CVE-2023-1539 was published for github.com/answerdev/answer (Go) Mar 21, 2023
Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that... Critical Unreviewed
CVE-2022-36413 was published Mar 23, 2023
Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake... Critical Unreviewed
CVE-2023-1665 was published Mar 28, 2023
Improper Restriction of Excessive Authentication Attempts in calibreweb Moderate
CVE-2022-2525 was published for calibreweb (pip) Apr 15, 2023
Improper Restriction of Excessive Authentication Attempts in Sorcery High
CVE-2020-11052 was published for sorcery (RubyGems) May 7, 2020
futuretap
Authentication Bypass by Primary Weakness in GitHub repository kareadita/kavita prior to 0.6.0.3. Critical Unreviewed
CVE-2022-3993 was published Nov 14, 2022
No Restriction of Excessive Authentication Attempts in Firefly III Moderate
CVE-2021-3663 was published for grumpydictator/firefly-iii (Composer) Aug 9, 2021
A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS... High Unreviewed
CVE-2021-40360 was published Feb 10, 2022
Pimcore 2FA Vulnerable to Brute Forcing Critical
CVE-2019-18985 was published for pimcore/pimcore (Composer) May 24, 2022
web2py is vulnerable to password brute-force attack Critical
CVE-2016-10321 was published for web2py (pip) May 14, 2022
OctoPrint does not have rate limiting on the login page Low
CVE-2022-2822 was published for OctoPrint (pip) Aug 16, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database