GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
87 advisories
Bypassing Brute Force Protection via Application Crash and In-Memory Data Loss
Moderate. CVE-2024-21652 was published for github.com/argoproj/argo-cd/v2 (Go) on Mar 18, 2024.

Improper Restriction of Excessive Authentication Attempts in github.com/greenpau/caddy-security
Moderate. CVE-2024-21500 was published for github.com/greenpau/caddy-security (Go) on Feb 17, 2024.

Dell RecoverPoint for Virtual Machines 5.3.x contains a brute force/dictionary attack...
Moderate, Unreviewed. CVE-2024-22425 was published on Feb 16, 2024.

IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection,...
Moderate, Unreviewed. CVE-2023-45190 was published on Feb 9, 2024.

Devise-Two-Factor vulnerable to brute force attacks
Moderate. CVE-2024-0227 was published for devise-two-factor (RubyGems) on Jan 12, 2024 (withdrawn).

A vulnerability was found in Thecosy IceCMS 2.0.1. It has been classified as problematic....
Moderate, Unreviewed. CVE-2023-6756 was published on Dec 13, 2023.

LibreNMS vulnerable to rate limiting bypass on login page
Moderate. CVE-2023-46745 was published for librenms/librenms (Composer) on Nov 17, 2023.

An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiMail...
Moderate, Unreviewed. CVE-2023-45582 was published on Nov 14, 2023.

The unauthenticated attacker in NetWeaver AS Java Logon application - version 7.50, can brute...
Moderate, Unreviewed. CVE-2023-42480 was published on Nov 14, 2023.

Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric...
Moderate, Unreviewed. CVE-2023-4625 was published on Nov 6, 2023.

A vulnerability was found in PHPGurukul Online Shopping Portal 1.0. It has been declared as...
Moderate, Unreviewed. CVE-2023-3605 was published on Jul 10, 2023.

The captive portal in Inpiazza Cloud WiFi versions prior to v4.2.17 does not enforce limits on...
Moderate, Unreviewed. CVE-2023-33754 was published on Jun 1, 2023.

Improper Restriction of Excessive Authentication Attempts in calibreweb
Moderate. CVE-2022-2525 was published for calibreweb (pip) on Apr 15, 2023.

Answer has Guessable CAPTCHA
Moderate. CVE-2023-1539 was published for github.com/answerdev/answer (Go) on Mar 21, 2023.

An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet...
Moderate, Unreviewed. CVE-2023-26209 was published on Mar 9, 2023.

An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet...
Moderate, Unreviewed. CVE-2022-29056 was published on Mar 9, 2023.

An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet...
Moderate, Unreviewed. CVE-2023-26208 was published on Mar 9, 2023.

Dell SupportAssist contains a rate limit bypass issue in screenmeet API third party component....
Moderate, Unreviewed. CVE-2022-34389 was published on Feb 11, 2023.

usememos/memos vulnerable to Improper Restriction of Excessive Authentication Attempts
Moderate. CVE-2022-4797 was published for github.com/usememos/memos (Go) on Dec 28, 2022.

Improper Restriction of Excessive Authentication Attempts in GitHub repository kareadita/kavita...
Moderate, Unreviewed. CVE-2022-3945 was published on Nov 11, 2022.

PwnDoc through 0.5.3 might allow remote attackers to identify disabled user account names by...
Moderate, Unreviewed. CVE-2022-44023 was published on Oct 30, 2022.

PwnDoc through 0.5.3 might allow remote attackers to identify valid user account names by...
Moderate, Unreviewed. CVE-2022-44022 was published on Oct 30, 2022.

Kirby CMS vulnerable to user enumeration in the code-based login and password reset forms
Moderate. CVE-2022-39314 was published for getkirby/cms (Composer) on Oct 18, 2022.

WiseConnect - ScreenConnect Session Code Bypass. An attacker would have to use a proxy to monitor...
Moderate, Unreviewed. CVE-2022-36781 was published on Sep 29, 2022.

There is a password verification vulnerability in WS7200-10 11.0.2.13. Attackers on the LAN may...
Moderate, Unreviewed. CVE-2022-33735 was published on Sep 21, 2022.
