GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
115 advisories
Filter by severity
Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to...
Critical
Unreviewed
CVE-2021-43958
was published
Mar 17, 2022
Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contain an improper restriction of excessive...
Critical
Unreviewed
CVE-2022-22561
was published
Apr 13, 2022
A vulnerability classified as critical was found in Telecommunication Software SAMwin Contact...
Critical
Unreviewed
CVE-2013-10004
was published
May 25, 2022
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that...
Critical
Unreviewed
CVE-2022-30235
was published
Jun 3, 2022
Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict...
Critical
Unreviewed
CVE-2022-29084
was published
Jun 3, 2022
An issue in TopIDP3000 Topsec Operating System tos_3.3.005.665b.15_smpidp allows attackers to...
Critical
Unreviewed
CVE-2022-31273
was published
Jun 15, 2022
Improper Restriction of Excessive Authentication Attempts
Critical
CVE-2022-2321
was published
for
github.com/heroiclabs/nakama/v3
(Go)
Jul 6, 2022
Dell EMC PowerStore, contain(s) an Improper Restriction of Excessive Authentication Attempts...
Critical
Unreviewed
CVE-2022-31234
was published
Jul 22, 2022
An attacker can decrypt the Ovarro TBox login password by communication capture and brute force...
Critical
Unreviewed
CVE-2021-22640
was published
Jul 29, 2022
Improper Restriction of Excessive Authentication Attempts in GitHub repository mastodon/mastodon...
Critical
Unreviewed
CVE-2022-2166
was published
Nov 16, 2022
A flaw was found in Red Hat Process Automation Manager 7 where an attacker can benefit from a...
Critical
Unreviewed
CVE-2022-2457
was published
Aug 11, 2022
An issue was discovered in Gradle Enterprise 2018.5. There is a lack of lock-out after excessive...
Critical
Unreviewed
CVE-2020-15770
was published
May 24, 2022
WiJungle NGFW Version U250 was discovered to be vulnerable to No Rate Limit attack, allowing the...
Critical
Unreviewed
CVE-2022-33106
was published
Oct 12, 2022
tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid...
Critical
Unreviewed
CVE-2020-15906
was published
May 24, 2022
A ZTE product is impacted by the improper access control vulnerability. Due to lack of an...
Critical
Unreviewed
CVE-2020-6875
was published
May 24, 2022
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH...
Critical
Unreviewed
CVE-2020-25196
was published
May 24, 2022
Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a bruteforce vulnerability. A remote...
Critical
Unreviewed
CVE-2022-31228
was published
Oct 13, 2022
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The login...
Critical
Unreviewed
CVE-2020-35565
was published
May 24, 2022
LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress...
Critical
Unreviewed
CVE-2020-35590
was published
May 24, 2022
EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might...
Critical
Unreviewed
CVE-2021-27514
was published
May 24, 2022
The telnet administrator service running on port 650 on Gigaset DX600A v41.00-175 devices does...
Critical
Unreviewed
CVE-2021-25309
was published
May 24, 2022
Advantech Spectre RT ERT351 Versions 5.1.3 and prior has insufficient login authentication...
Critical
Unreviewed
CVE-2019-18235
was published
May 24, 2022
Gestsup before 3.2.10 allows account takeover through the password recovery functionality (remote...
Critical
Unreviewed
CVE-2021-31646
was published
May 24, 2022
Insufficiently Protected Credentials vulnerability exists in homeLYnk (Wiser For KNX) and...
Critical
Unreviewed
CVE-2021-22737
was published
May 24, 2022
BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers to access...
Critical
Unreviewed
CVE-2021-28909
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API