Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,231
Erlang
31
GitHub Actions
20
Go
1,991
Maven
5,000+
npm
3,709
NuGet
661
pip
3,341
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

106 advisories

Loading
There is no limit on the number of failed login attempts permitted with the Clinician Password or... Critical Unreviewed
CVE-2024-9832 was published Nov 14, 2024
This vulnerability exists in the Wave 2.0 due to missing restrictions for excessive failed... Critical Unreviewed
CVE-2024-51558 was published Nov 4, 2024
A lack of rate limiting in the OTP validation component of Digitory Multi Channel Integrated POS... Critical Unreviewed
CVE-2024-48143 was published Oct 24, 2024
This vulnerability exists in Shilpi Client Dashboard due to missing restrictions for incorrect... Critical Unreviewed
CVE-2024-47656 was published Oct 4, 2024
A vulnerability in Kaiten version 57.131.12 and earlier allows attackers to bypass the PIN code... Critical Unreviewed
CVE-2024-41276 was published Oct 1, 2024
This vulnerability exists in Apex Softcell LD Geo due to missing restrictions for excessive... Critical Unreviewed
CVE-2024-47088 was published Sep 19, 2024
An issue was discovered in Bravura Security Fabric versions 12.3.x before 12.3.5.32784, 12.4.x... Critical Unreviewed
CVE-2024-45523 was published Sep 18, 2024
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing restrictions for... Critical Unreviewed
CVE-2024-45790 was published Sep 11, 2024
Pluck CMS 4.7.18 does not restrict failed login attempts, allowing attackers to execute a brute... Critical Unreviewed
CVE-2024-43042 was published Aug 16, 2024
Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions... Critical Unreviewed
CVE-2024-42465 was published Aug 16, 2024
Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions... Critical Unreviewed
CVE-2024-42466 was published Aug 16, 2024
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000... Critical Unreviewed
CVE-2024-39225 was published Aug 6, 2024
CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that... Critical Unreviewed
CVE-2024-2051 was published Mar 18, 2024
SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessive authentication attempts,... Critical Unreviewed
CVE-2023-33759 was published Jan 25, 2024
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow... Critical Unreviewed
CVE-2024-22317 was published Jan 18, 2024
Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows... Critical Unreviewed
CVE-2023-27172 was published Dec 20, 2023
EuroTel ETL3100 versions v01c01 and v01x37 does not limit the number of attempts to guess... Critical Unreviewed
CVE-2023-6928 was published Dec 20, 2023
The Theme My Login 2FA WordPress plugin before 1.2 does not rate limit 2FA validation attempts,... Critical Unreviewed
CVE-2023-6272 was published Dec 18, 2023
DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and... Critical Unreviewed
CVE-2023-49443 was published Dec 8, 2023
Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web... Critical Unreviewed
CVE-2023-35039 was published Dec 7, 2023
A client side rate limit issue discovered in Connectize AC21000 G6 641.139.1.1256 allows... Critical Unreviewed
CVE-2023-24051 was published Dec 5, 2023
kodbox 1.46.01 has a security flaw that enables user enumeration. This problem is present on the... Critical Unreviewed
CVE-2023-48028 was published Nov 18, 2023
Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake... Critical Unreviewed
CVE-2023-2675 was published Nov 13, 2023
Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily... Critical Unreviewed
CVE-2023-5754 was published Oct 26, 2023
The cookie session ID is of insufficient length and can be exploited by brute force, which may... Critical Unreviewed
CVE-2023-42769 was published Oct 26, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database