Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

13 advisories

Loading
Kirby CMS vulnerable to user enumeration in the code-based login and password reset forms Moderate
CVE-2022-39314 was published for getkirby/cms (Composer) Oct 18, 2022
florianmrz
usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts Moderate
CVE-2022-4797 was published for github.com/usememos/memos (Go) Dec 28, 2022
Answer has Guessable CAPTCHA Moderate
CVE-2023-1539 was published for github.com/answerdev/answer (Go) Mar 21, 2023
Improper Restriction of Excessive Authentication Attempts in calibreweb Moderate
CVE-2022-2525 was published for calibreweb (pip) Apr 15, 2023
No Restriction of Excessive Authentication Attempts in Firefly III Moderate
CVE-2021-3663 was published for grumpydictator/firefly-iii (Composer) Aug 9, 2021
LibreNMS vulnerable to rate limiting bypass on login page Moderate
CVE-2023-46745 was published for librenms/librenms (Composer) Nov 17, 2023
rook1337
Improper Restriction of Excessive Authentication Attempts in github.com/greenpau/caddy-security Moderate
CVE-2024-21500 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
Devise-Two-Factor vulnerable to brute force attacks Moderate
CVE-2024-0227 was published for devise-two-factor (RubyGems) Jan 12, 2024 withdrawn
bsedat
Bypassing Rate Limit and Brute Force Protection Using Cache Overflow Moderate
CVE-2024-21662 was published for github.com/argoproj/argo-cd/v2 (Go) Mar 18, 2024
nadava669 pasha-codefresh
crenshaw-dev todaywasawesome jannfis
Bypassing Brute Force Protection via Application Crash and In-Memory Data Loss Moderate
CVE-2024-21652 was published for github.com/argoproj/argo-cd/v2 (Go) Mar 18, 2024
nadava669 pasha-codefresh
jannfis crenshaw-dev todaywasawesome
ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass Moderate
CVE-2024-32868 was published for github.com/zitadel/zitadel (Go) Apr 25, 2024
livio-a Skelmis
itz-d0dgy amit-laish muhlemmer peintnermax
Windmill HTTP Request users.rs excessive authentication in github.com/windmill-labs/windmill Moderate
CVE-2024-8462 was published for github.com/windmill-labs/windmill (Go) Sep 5, 2024
Keycloak Services has a potential bypass of brute force protection Moderate
CVE-2024-4629 was published for org.keycloak:keycloak-services (Maven) Sep 17, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database