GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
18 advisories
eZ Platform Admin UI Password reset vulnerability
Severity: High. GHSA-hfpp-2vhw-qq43 was published for ezsystems/ezplatform-user (Composer) on May 15, 2024.

eZ Platform Password reset vulnerability
Severity: High. GHSA-cg84-55jx-4237 was published for ezsystems/ezplatform-admin-ui (Composer) on May 15, 2024.

ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass
Severity: High. CVE-2024-32868 was published for github.com/zitadel/zitadel (Go) on Apr 25, 2024.

CasaOS Improper Restriction of Excessive Authentication Attempts vulnerability
Severity: High. CVE-2024-24767 was published for github.com/IceWhaleTech/CasaOS-UserService (Go) on Mar 6, 2024.

WWBN AVideo Improper Restriction of Excessive Authentication Attempts vulnerability
Severity: High. CVE-2023-49810 was published for wwbn/avideo (Composer) on Jan 10, 2024.

generator-jhipster allows a timing attack against validateToken due to a string comparison that stops at the first character
Severity: High. CVE-2015-20110 was published for generator-jhipster (npm) on Oct 31, 2023.

Flask-AppBuilder Has No Rate Limiting on Login AUTH DB
Severity: High. CVE-2023-29005 was published for Flask-AppBuilder (pip) on Apr 10, 2023.

XWiki Platform packages Expose Sensitive Information to an Unauthorized Actor
Severity: High. CVE-2023-26476 was published for org.xwiki.platform:xwiki-platform-livetable-ui (Maven) on Mar 3, 2023.

Improper Restriction of Excessive Authentication Attempts in modoboa
Severity: High. CVE-2023-0860 was published for modoboa (pip) on Feb 16, 2023.

No protection against brute-force attacks on login page
Severity: High. CVE-2023-25156 was published for kiwitcms (pip) on Feb 15, 2023.

OpenStack Keystone allows information disclosure during account locking
Severity: High. CVE-2021-38155 was published for keystone (pip) on May 24, 2022.

OATHAuth extension in MediaWiki is not implementing rate limit
Severity: High. CVE-2020-25827 was published for mediawiki/core (Composer) on May 24, 2022.

Pimcore Discloses Usernames In Use
Severity: High. CVE-2019-18986 was published for pimcore/pimcore (Composer) on May 24, 2022.

Keycloak Improper Bruteforce Detection
Severity: High. CVE-2018-14657 was published for org.keycloak:keycloak-parent (Maven) on May 13, 2022.

SaltStack RSA Key Generation allows remote users to decrypt communications
Severity: High. CVE-2013-2228 was published for salt (pip) on May 5, 2022.

Improper Restriction of Excessive Authentication Attempts in py-bcrypt
Severity: High. CVE-2013-1895 was published for py-bcrypt (pip) on Oct 12, 2021.

Improper Restriction of Excessive Authentication Attempts in Argo API
Severity: High. CVE-2020-8827 was published for github.com/argoproj/argo-cd (Go) on Jul 26, 2021.

Improper Restriction of Excessive Authentication Attempts in Sorcery
Severity: High. CVE-2020-11052 was published for sorcery (RubyGems) on May 7, 2020.

ProTip! Advisories are also available from the GraphQL API.