Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

284 advisories

Loading
Improper Restriction of Excessive Authentication Attempts in Sorcery High
CVE-2020-11052 was published for sorcery (RubyGems) May 7, 2020
futuretap
Improper Restriction of Excessive Authentication Attempts in Argo API High
CVE-2020-8827 was published for github.com/argoproj/argo-cd (Go) Jul 26, 2021
No Restriction of Excessive Authentication Attempts in Firefly III Moderate
CVE-2021-3663 was published for grumpydictator/firefly-iii (Composer) Aug 9, 2021
Improper Restriction of Excessive Authentication Attempts in py-bcrypt High
CVE-2013-1895 was published for py-bcrypt (pip) Oct 12, 2021
A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000,... Critical Unreviewed
CVE-2021-41435 was published Nov 20, 2021
IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting... High Unreviewed
CVE-2021-38890 was published Nov 24, 2021
Missing Rate Limiting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase®... Critical Unreviewed
CVE-2021-42544 was published Dec 1, 2021
Due to insufficient server-side login-attempt limit enforcement, a vulnerability in /account... Critical Unreviewed
CVE-2021-37934 was published Dec 11, 2021
ENC DataVault 7.1.1W and VaultAPI v67, which is currently being used in various other... High Unreviewed
CVE-2021-36750 was published Dec 23, 2021
An issue in the user login box of CSCMS v4.0 allows attackers to hijack user accounts via brute... Critical Unreviewed
CVE-2020-21238 was published Dec 29, 2021
An issue in the user login box of LJCMS v1.11 allows attackers to hijack user accounts via brute... Critical Unreviewed
CVE-2020-21237 was published Dec 29, 2021
Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873... Critical Unreviewed
CVE-2021-41807 was published Jan 19, 2022
Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication... Critical Unreviewed
CVE-2022-22553 was published Jan 22, 2022
The code that performs password matching when using 'Basic' HTTP authentication does not use a... Critical Unreviewed
CVE-2021-43298 was published Jan 26, 2022
A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that... High Unreviewed
CVE-2021-22818 was published Jan 29, 2022
A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS... High Unreviewed
CVE-2021-40360 was published Feb 10, 2022
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that... Critical Unreviewed
CVE-2022-22810 was published Feb 11, 2022
A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3... Critical Unreviewed
CVE-2022-26314 was published Mar 9, 2022
A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows... Moderate Unreviewed
CVE-2022-25820 was published Mar 11, 2022
Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to... Critical Unreviewed
CVE-2021-43958 was published Mar 17, 2022
Confd log files contain local users', including root’s, SHA512crypt password hashes with... High Unreviewed
CVE-2022-0652 was published Mar 23, 2022
Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contain an improper restriction of excessive... Critical Unreviewed
CVE-2022-22561 was published Apr 13, 2022
There is no limit to the number of attempts to authenticate for the local configuration pages for... Moderate Unreviewed
CVE-2022-26519 was published Apr 21, 2022
Compaq/Microcom 6000 Access Integrator does not disconnect a client after a certain number of... Moderate Unreviewed
CVE-1999-1152 was published Apr 30, 2022
VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly... High Unreviewed
CVE-1999-1324 was published Apr 30, 2022
ProTip! Advisories are also available from the GraphQL API