Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,179
Erlang
31
GitHub Actions
19
Go
1,982
Maven
5,000+
npm
3,701
NuGet
656
pip
3,324
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

311 advisories

Loading
LibreNMS vulnerable to rate limiting bypass on login page Moderate
CVE-2023-46745 was published for librenms/librenms (Composer) Nov 17, 2023
rook1337
kodbox 1.46.01 has a security flaw that enables user enumeration. This problem is present on the... Critical Unreviewed
CVE-2023-48028 was published Nov 18, 2023
Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web... Critical Unreviewed
CVE-2023-35039 was published Dec 7, 2023
A vulnerability was found in Thecosy IceCMS 2.0.1. It has been classified as problematic.... Moderate Unreviewed
CVE-2023-6756 was published Dec 13, 2023
EuroTel ETL3100 versions v01c01 and v01x37 does not limit the number of attempts to guess... Critical Unreviewed
CVE-2023-6928 was published Dec 20, 2023
DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and... Critical Unreviewed
CVE-2023-49443 was published Dec 8, 2023
By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI... High Unreviewed
CVE-2023-50444 was published Dec 13, 2023
The Theme My Login 2FA WordPress plugin before 1.2 does not rate limit 2FA validation attempts,... Critical Unreviewed
CVE-2023-6272 was published Dec 18, 2023
Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows... Critical Unreviewed
CVE-2023-27172 was published Dec 20, 2023
WWBN AVideo Improper Restriction of Excessive Authentication Attempts vulnerability High
CVE-2023-49810 was published for wwbn/avideo (Composer) Jan 10, 2024
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow... Critical Unreviewed
CVE-2024-22317 was published Jan 18, 2024
The Omron FINS protocol has an authenticated feature to prevent access to memory regions.... High Unreviewed
CVE-2022-45790 was published Jan 22, 2024
The number of attempts to bring the Hozard Alarm system (alarmsystemen) v1.0 to a disarmed state... High Unreviewed
CVE-2023-50123 was published Jan 11, 2024
SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessive authentication attempts,... Critical Unreviewed
CVE-2023-33759 was published Jan 25, 2024
IBM PowerSC 1.3, 2.0, and 2.1 uses an inadequate account lockout setting that could allow a... High Unreviewed
CVE-2023-50326 was published Feb 2, 2024
IBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 uses an inadequate account lockout setting... High Unreviewed
CVE-2023-38273 was published Feb 2, 2024
Compaq/Microcom 6000 Access Integrator does not disconnect a client after a certain number of... Moderate Unreviewed
CVE-1999-1152 was published Apr 30, 2022
Lightwave ConsoleServer 3200 does not disconnect users after unsuccessful login attempts, which... High Unreviewed
CVE-2001-0395 was published Apr 30, 2022
Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect users from the service when... High Unreviewed
CVE-2001-1339 was published Apr 30, 2022
The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed... Moderate Unreviewed
CVE-2002-0628 was published Apr 30, 2022
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting... High Unreviewed
CVE-2023-45191 was published Feb 9, 2024
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection,... Moderate Unreviewed
CVE-2023-45190 was published Feb 9, 2024
The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect... High Unreviewed
CVE-2001-1291 was published Apr 30, 2022
VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly... High Unreviewed
CVE-1999-1324 was published Apr 30, 2022
Improper Restriction of Excessive Authentication Attempts in github.com/greenpau/caddy-security Moderate
CVE-2024-21500 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database