Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

307 advisories

Loading
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 ... High Unreviewed
CVE-2022-24044 was published May 21, 2022
The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated... Moderate Unreviewed
CVE-2014-2875 was published May 17, 2022
web2py is vulnerable to password brute-force attack Critical
CVE-2016-10321 was published for web2py (pip) May 14, 2022
A vulnerability in the Gleez CMS 1.2.0 login page could allow an unauthenticated, remote attacker... Moderate Unreviewed
CVE-2018-16703 was published May 13, 2022
IBM BigFix Platform 9.2 and 9.5 uses an inadequate account lockout setting that could allow a... Critical Unreviewed
CVE-2018-1475 was published May 13, 2022
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to conduct brute-force... Critical Unreviewed
CVE-2018-12993 was published May 13, 2022
An issue was discovered in app/Controller/UsersController.php in MISP 2.4.92. An adversary can... Critical Unreviewed
CVE-2018-12649 was published May 13, 2022
An Improper Restriction of Excessive Authentication Attempts issue was discovered in Rockwell... Critical Unreviewed
CVE-2017-7898 was published May 13, 2022
htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through... High Unreviewed
CVE-2017-14423 was published May 13, 2022
IBM BigFix Compliance (TEMA SUAv1 SCA SCM) uses an inadequate account lockout setting that could... Critical Unreviewed
CVE-2017-1197 was published May 13, 2022
phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in... Critical Unreviewed
CVE-2017-11187 was published May 13, 2022
When the device is configured to perform account lockout with a defined period of time, any... Moderate Unreviewed
CVE-2017-10604 was published May 13, 2022
A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could... High Unreviewed
CVE-2017-12316 was published May 13, 2022
An improper restriction of excessive authentication attempts vulnerability in /principals in... Critical Unreviewed
CVE-2017-15887 was published May 13, 2022
An Improper Restriction of Excessive Authentication Attempts issue was discovered in Moxa OnCell... Critical Unreviewed
CVE-2017-7915 was published May 13, 2022
Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior... Critical Unreviewed
CVE-2018-11082 was published May 13, 2022
Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24 contain an insecure method... Critical Unreviewed
CVE-2018-15759 was published May 13, 2022
A specially crafted script could bypass the authentication of a maintenance port of Emerson... Moderate Unreviewed
CVE-2018-19021 was published May 13, 2022
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses an inadequate account lockout... Critical Unreviewed
CVE-2018-1373 was published May 13, 2022
An Improper Restriction of Excessive Authentication Attempts issue was discovered in Belden... Critical Unreviewed
CVE-2018-5469 was published May 13, 2022
An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX (e.g., RUT950) R_31.04.89 before... Critical Unreviewed
CVE-2018-19879 was published May 13, 2022
index.php?r=site%2Flogin in EduSec through 4.2.6 does not restrict sending a series of LoginForm... Critical Unreviewed
CVE-2018-19548 was published May 13, 2022
Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication... Critical Unreviewed
CVE-2019-6524 was published May 13, 2022
Keycloak Improper Bruteforce Detection High
CVE-2018-14657 was published for org.keycloak:keycloak-parent (Maven) May 13, 2022
If REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks. The... High Unreviewed
CVE-2019-0039 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database