GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
316 advisories
Maarch RM 2.8.3 solution contains an improper restriction of excessive authentication attempts...
High | Unreviewed | CVE-2022-37772 was published Nov 23, 2022

A vulnerability, which was classified as problematic, has been found in WBCE CMS. Affected by...
High | Unreviewed | CVE-2022-4006 was published Nov 16, 2022

Improper Restriction of Excessive Authentication Attempts in GitHub repository mastodon/mastodon...
Critical | Unreviewed | CVE-2022-2166 was published Nov 16, 2022

Authentication Bypass by Primary Weakness in GitHub repository kareadita/kavita prior to 0.6.0.3.
Critical | Unreviewed | CVE-2022-3993 was published Nov 14, 2022

Improper Restriction of Excessive Authentication Attempts in GitHub repository kareadita/kavita...
Moderate | Unreviewed | CVE-2022-3945 was published Nov 11, 2022

User login brute force protection functionality bypass
Critical | Unreviewed | CVE-2022-27516 was published Nov 9, 2022

PwnDoc through 0.5.3 might allow remote attackers to identify valid user account names by...
Moderate | Unreviewed | CVE-2022-44022 was published Oct 30, 2022

PwnDoc through 0.5.3 might allow remote attackers to identify disabled user account names by...
Moderate | Unreviewed | CVE-2022-44023 was published Oct 30, 2022

Impact varies for each individual vulnerability in the application. For generation of accounts,...
Critical | Unreviewed | CVE-2022-3741 was published Oct 28, 2022

Kirby CMS vulnerable to user enumeration in the code-based login and password reset forms
Moderate | CVE-2022-39314 was published for getkirby/cms (Composer) Oct 18, 2022

An improper restriction of excessive authentication attempts vulnerability [CWE-307] in...
Critical | Unreviewed | CVE-2022-35846 was published Oct 18, 2022

An issue in GX Group GPON ONT Titanium 2122A T2122-V1.26EXL allows attackers to escalate...
Critical | Unreviewed | CVE-2022-40055 was published Oct 17, 2022

Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a bruteforce vulnerability. A remote...
Critical | Unreviewed | CVE-2022-31228 was published Oct 13, 2022

WiJungle NGFW Version U250 was discovered to be vulnerable to No Rate Limit attack, allowing the...
Critical | Unreviewed | CVE-2022-33106 was published Oct 12, 2022

WiseConnect - ScreenConnect Session Code Bypass. An attacker would have to use a proxy to monitor...
Moderate | Unreviewed | CVE-2022-36781 was published Sep 29, 2022

There is a password verification vulnerability in WS7200-10 11.0.2.13. Attackers on the LAN may...
Moderate | Unreviewed | CVE-2022-33735 was published Sep 21, 2022

The PlexTrac platform prior to API version 1.17.0 does not restrict excessive MFA TOTP submission...
High | Unreviewed | CVE-2022-37144 was published Sep 9, 2022

The PlexTrac platform prior to version 1.17.0 does not restrict excessive authentication attempts...
High | Unreviewed | CVE-2022-37145 was published Sep 9, 2022

OctoPrint does not have rate limiting on the login page
Low | CVE-2022-2822 was published for OctoPrint (pip) Aug 16, 2022

A flaw was found in Red Hat Process Automation Manager 7 where an attacker can benefit from a...
Critical | Unreviewed | CVE-2022-2457 was published Aug 11, 2022

Zammad 5.2.0 is vulnerable to privilege escalation. Zammad has a prevention against brute-force...
Critical | Unreviewed | CVE-2022-35490 was published Aug 9, 2022

An attacker can decrypt the Ovarro TBox login password by communication capture and brute force...
Critical | Unreviewed | CVE-2021-22640 was published Jul 29, 2022

Dell EMC PowerStore, contain(s) an Improper Restriction of Excessive Authentication Attempts...
Critical | Unreviewed | CVE-2022-31234 was published Jul 22, 2022

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. It mishandles access control....
Moderate | Unreviewed | CVE-2022-24689 was published Jul 19, 2022

IBM Security Verify Identity Manager 10.0 uses an inadequate account lockout setting that could...
High | Unreviewed | CVE-2022-22452 was published Jul 15, 2022
ProTip! Advisories are also available from the GraphQL API.