GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
287 advisories
Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate...
Critical | Unreviewed | CVE-2023-27100 was published Mar 23, 2023

Answer has Guessable CAPTCHA
Moderate | CVE-2023-1539 was published for github.com/answerdev/answer (Go) Mar 21, 2023

A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet...
Moderate | Unreviewed | CVE-2022-29056 was published Mar 9, 2023

A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet...
Moderate | Unreviewed | CVE-2023-26209 was published Mar 9, 2023

A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet...
Moderate | Unreviewed | CVE-2023-26208 was published Mar 9, 2023

XWiki Platform packages Expose Sensitive Information to an Unauthorized Actor
High | CVE-2023-26476 was published for org.xwiki.platform:xwiki-platform-livetable-ui (Maven) Mar 3, 2023

SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an...
High | Unreviewed | CVE-2023-1101 was published Mar 3, 2023

A lack of rate limiting on the password reset endpoint of Chamberlain myQ v5.222.0.32277 (on iOS)...
Critical | Unreviewed | CVE-2023-24080 was published Feb 22, 2023

Improper Restriction of Excessive Authentication Attempts in modoboa
High | CVE-2023-0860 was published for modoboa (pip) Feb 16, 2023

No protection against brute-force attacks on login page
High | CVE-2023-25156 was published for kiwitcms (pip) Feb 15, 2023

Dell SupportAssist contains a rate limit bypass issues in screenmeet API third party component....
Moderate | Unreviewed | CVE-2022-34389 was published Feb 11, 2023

Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined...
Critical | Unreviewed | CVE-2023-0574 was published Feb 9, 2023

Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior could bypass the brute force protection...
Critical | Unreviewed | CVE-2023-24020 was published Jan 31, 2023

Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency.
High | Unreviewed | CVE-2023-22960 was published Jan 23, 2023

HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced....
High | Unreviewed | CVE-2021-27782 was published Jan 20, 2023

An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Part of the application...
High | Unreviewed | CVE-2022-38491 was published Jan 10, 2023

usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts
Moderate | CVE-2022-4797 was published for github.com/usememos/memos (Go) Dec 28, 2022

Weak password derivation for export in Devolutions Remote Desktop Manager before 2022.1 allows...
High | Unreviewed | CVE-2022-26964 was published Dec 26, 2022

Planet eStream before 6.72.10.07 allows a low-privileged user to gain access to administrative...
High | Unreviewed | CVE-2022-45893 was published Dec 25, 2022

The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network...
High | Unreviewed | CVE-2022-23746 was published Nov 30, 2022

wger vulnerable to brute force attempts
Critical | CVE-2022-2650 was published for wger (pip) Nov 24, 2022

Maarch RM 2.8.3 solution contains an improper restriction of excessive authentication attempts...
High | Unreviewed | CVE-2022-37772 was published Nov 23, 2022

A vulnerability, which was classified as problematic, has been found in WBCE CMS. Affected by...
High | Unreviewed | CVE-2022-4006 was published Nov 16, 2022

Improper Restriction of Excessive Authentication Attempts in GitHub repository mastodon/mastodon...
Critical | Unreviewed | CVE-2022-2166 was published Nov 16, 2022

Authentication Bypass by Primary Weakness in GitHub repository kareadita/kavita prior to 0.6.0.3.
Critical | Unreviewed | CVE-2022-3993 was published Nov 14, 2022
ProTip! Advisories are also available from the GraphQL API