Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

282 advisories

InvoicePlane 1.5.11 doesn't have any rate-limiting for password reset and the reset token is... Moderate Unreviewed
CVE-2021-29023 was published May 24, 2022
Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to... Critical Unreviewed
CVE-2021-43958 was published Mar 17, 2022
Confd log files contain local users', including root’s, SHA512crypt password hashes with... High Unreviewed
CVE-2022-0652 was published Mar 23, 2022
Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contain an improper restriction of excessive... Critical Unreviewed
CVE-2022-22561 was published Apr 13, 2022
There is no limit to the number of attempts to authenticate for the local configuration pages for... Moderate Unreviewed
CVE-2022-26519 was published Apr 21, 2022
A specially crafted script could bypass the authentication of a maintenance port of Emerson... Moderate Unreviewed
CVE-2018-19021 was published May 13, 2022
An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is... High Unreviewed
CVE-2021-27935 was published May 24, 2022
A vulnerability classified as critical was found in Telecommunication Software SAMwin Contact... Critical Unreviewed
CVE-2013-10004 was published May 25, 2022
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that... Critical Unreviewed
CVE-2022-30235 was published Jun 3, 2022
Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict... Critical Unreviewed
CVE-2022-29084 was published Jun 3, 2022
While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being... Moderate Unreviewed
CVE-2022-22496 was published Jul 1, 2022
An issue in TopIDP3000 Topsec Operating System tos_3.3.005.665b.15_smpidp allows attackers to... Critical Unreviewed
CVE-2022-31273 was published Jun 15, 2022
Improper Restriction of Excessive Authentication Attempts Critical
CVE-2022-2321 was published for github.com/heroiclabs/nakama/v3 (Go) Jul 6, 2022
IBM Security Verify Identity Manager 10.0 uses an inadequate account lockout setting that could... High Unreviewed
CVE-2022-22452 was published Jul 15, 2022
An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. It mishandles access control.... Moderate Unreviewed
CVE-2022-24689 was published Jul 19, 2022
Dell EMC PowerStore, contain(s) an Improper Restriction of Excessive Authentication Attempts... Critical Unreviewed
CVE-2022-31234 was published Jul 22, 2022
An attacker can decrypt the Ovarro TBox login password by communication capture and brute force... Critical Unreviewed
CVE-2021-22640 was published Jul 29, 2022
An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Part of the application... High Unreviewed
CVE-2022-38491 was published Jan 10, 2023
Planet eStream before 6.72.10.07 allows a low-privileged user to gain access to administrative... High Unreviewed
CVE-2022-45893 was published Dec 25, 2022
Improper Restriction of Excessive Authentication Attempts in GitHub repository mastodon/mastodon... Critical Unreviewed
CVE-2022-2166 was published Nov 16, 2022
Improper Restriction of Excessive Authentication Attempts in GitHub repository kareadita/kavita... Moderate Unreviewed
CVE-2022-3945 was published Nov 11, 2022
The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated... Moderate Unreviewed
CVE-2014-2875 was published May 17, 2022
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 ... High Unreviewed
CVE-2022-24044 was published May 21, 2022
A flaw was found in Red Hat Process Automation Manager 7 where an attacker can benefit from a... Critical Unreviewed
CVE-2022-2457 was published Aug 11, 2022
An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12... Moderate Unreviewed
CVE-2019-15577 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API