GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 19,410
Composer 3,972
Erlang 29
GitHub Actions 16
Go 1,762
Maven 4,983
npm 3,518
NuGet 609
pip 3,094
Pub 10
RubyGems 833
Rust 782
Swift 34

Unreviewed advisories

All unreviewed 221,711

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

284 advisories

Filter by severity

Sort by

Least recently updated

Weak password derivation for export in Devolutions Remote Desktop Manager before 2022.1 allows... High Unreviewed

CVE-2022-26964 was published Dec 26, 2022

An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet... Low Unreviewed

CVE-2020-11582 was published May 24, 2022

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over... Moderate Unreviewed

CVE-2019-13394 was published May 24, 2022

A vulnerability, which was classified as problematic, has been found in WBCE CMS. Affected by... High Unreviewed

CVE-2022-4006 was published Nov 16, 2022

An issue was discovered in Gradle Enterprise 2018.5. There is a lack of lock-out after excessive... Critical Unreviewed

CVE-2020-15770 was published May 24, 2022

OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication mechanism within the system... Moderate Unreviewed

CVE-2020-14494 was published May 24, 2022

A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS... High Unreviewed

CVE-2020-15786 was published May 24, 2022

WiJungle NGFW Version U250 was discovered to be vulnerable to No Rate Limit attack, allowing the... Critical Unreviewed

CVE-2022-33106 was published Oct 12, 2022

tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid... Critical Unreviewed

CVE-2020-15906 was published May 24, 2022

A ZTE product is impacted by the improper access control vulnerability. Due to lack of an... Critical Unreviewed

CVE-2020-6875 was published May 24, 2022

An issue was discovered in BigBlueButton through 2.2.29. A brute-force attack may occur because... Moderate Unreviewed

CVE-2020-29042 was published May 24, 2022

The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH... Critical Unreviewed

CVE-2020-25196 was published May 24, 2022

A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist... Moderate Unreviewed

CVE-2020-5141 was published May 24, 2022

In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575). Moderate Unreviewed

CVE-2020-29136 was published May 24, 2022

An issue was discovered in Bitrix24 Bitrix Framework (1c site management) 20.0. An "User... Moderate Unreviewed

CVE-2020-28206 was published May 24, 2022

WiseConnect - ScreenConnect Session Code Bypass. An attacker would have to use a proxy to monitor... Moderate Unreviewed

CVE-2022-36781 was published Sep 29, 2022

Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a bruteforce vulnerability. A remote... Critical Unreviewed

CVE-2022-31228 was published Oct 13, 2022

In Solstice Pod before 3.3.0 (or Open4.3), the screen key can be enumerated using brute-force... High Unreviewed

CVE-2020-35585 was published May 24, 2022

Anuko Time Tracker v1.19.23.5311 lacks rate limit on the password reset module which allows... High Unreviewed

CVE-2020-27423 was published May 24, 2022

In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement... High Unreviewed

CVE-2021-3138 was published May 24, 2022

Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an... Moderate Unreviewed

CVE-2021-20635 was published May 24, 2022

The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 allows attackers to cause a... High Unreviewed

CVE-2021-27188 was published May 24, 2022

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The login... Critical Unreviewed

CVE-2020-35565 was published May 24, 2022

LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress... Critical Unreviewed

CVE-2020-35590 was published May 24, 2022

In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password can be enumerated using... High Unreviewed

CVE-2020-35586 was published May 24, 2022

Previous 1 2 3 4 5 … 11 12 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

284 advisories