GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
284 advisories
Due to insufficient server-side login-attempt limit enforcement, a vulnerability in /account...
Severity: Critical (Unreviewed). CVE-2021-37934 was published Dec 11, 2021.

An Improper Restriction of Excessive Authentication Attempts issue was discovered in Belden...
Severity: Critical (Unreviewed). CVE-2018-5469 was published May 13, 2022.

An issue in GX Group GPON ONT Titanium 2122A T2122-V1.26EXL allows attackers to escalate...
Severity: Critical (Unreviewed). CVE-2022-40055 was published Oct 17, 2022.

IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses an inadequate account lockout...
Severity: Critical (Unreviewed). CVE-2018-1373 was published May 13, 2022.

Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24 contain an insecure method...
Severity: Critical (Unreviewed). CVE-2018-15759 was published May 13, 2022.

Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior...
Severity: Critical (Unreviewed). CVE-2018-11082 was published May 13, 2022.

A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could...
Severity: High (Unreviewed). CVE-2017-12316 was published May 13, 2022.

When the device is configured to perform account lockout with a defined period of time, any...
Severity: Moderate (Unreviewed). CVE-2017-10604 was published May 13, 2022.

An Improper Restriction of Excessive Authentication Attempts issue was discovered in Moxa OnCell...
Severity: Critical (Unreviewed). CVE-2017-7915 was published May 13, 2022.

An improper restriction of excessive authentication attempts vulnerability in /principals in...
Severity: Critical (Unreviewed). CVE-2017-15887 was published May 13, 2022.

phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in...
Severity: Critical (Unreviewed). CVE-2017-11187 was published May 13, 2022.

IBM BigFix Compliance (TEMA SUAv1 SCA SCM) uses an inadequate account lockout setting that could...
Severity: Critical (Unreviewed). CVE-2017-1197 was published May 13, 2022.

htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through...
Severity: High (Unreviewed). CVE-2017-14423 was published May 13, 2022.

An Improper Restriction of Excessive Authentication Attempts issue was discovered in Rockwell...
Severity: Critical (Unreviewed). CVE-2017-7898 was published May 13, 2022.

onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to conduct brute-force...
Severity: Critical (Unreviewed). CVE-2018-12993 was published May 13, 2022.

A vulnerability in the Gleez CMS 1.2.0 login page could allow an unauthenticated, remote attacker...
Severity: Moderate (Unreviewed). CVE-2018-16703 was published May 13, 2022.

An issue was discovered in app/Controller/UsersController.php in MISP 2.4.92. An adversary can...
Severity: Critical (Unreviewed). CVE-2018-12649 was published May 13, 2022.

IBM BigFix Platform 9.2 and 9.5 uses an inadequate account lockout setting that could allow a...
Severity: Critical (Unreviewed). CVE-2018-1475 was published May 13, 2022.

IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to user enumeration,...
Severity: High (Unreviewed). CVE-2019-4068 was published May 24, 2022.

In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an...
Severity: Moderate (Unreviewed). CVE-2021-43332 was published May 24, 2022.

wger vulnerable to brute force attempts
Severity: Critical. CVE-2022-2650 was published for wger (pip) Nov 24, 2022.

An improper restriction of excessive authentication attempts vulnerability [CWE-307] in...
Severity: Critical (Unreviewed). CVE-2022-35846 was published Oct 18, 2022.

usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts
Severity: Moderate. CVE-2022-4797 was published for github.com/usememos/memos (Go) Dec 28, 2022.

ENC DataVault 7.1.1W and VaultAPI v67, which is currently being used in various other...
Severity: High (Unreviewed). CVE-2021-36750 was published Dec 23, 2021.

An issue in the user login box of CSCMS v4.0 allows attackers to hijack user accounts via brute...
Severity: Critical (Unreviewed). CVE-2020-21238 was published Dec 29, 2021.
ProTip! Advisories are also available from the GraphQL API.