GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
80 advisories
Filter by severity
InvoicePlane 1.5.11 doesn't have any rate-limiting for password reset and the reset token is...
Moderate
Unreviewed
CVE-2021-29023
was published
May 24, 2022
There is no limit to the number of attempts to authenticate for the local configuration pages for...
Moderate
Unreviewed
CVE-2022-26519
was published
Apr 21, 2022
A specially crafted script could bypass the authentication of a maintenance port of Emerson...
Moderate
Unreviewed
CVE-2018-19021
was published
May 13, 2022
While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being...
Moderate
Unreviewed
CVE-2022-22496
was published
Jul 1, 2022
An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. It mishandles access control....
Moderate
Unreviewed
CVE-2022-24689
was published
Jul 19, 2022
Improper Restriction of Excessive Authentication Attempts in GitHub repository kareadita/kavita...
Moderate
Unreviewed
CVE-2022-3945
was published
Nov 11, 2022
The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated...
Moderate
Unreviewed
CVE-2014-2875
was published
May 17, 2022
An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12...
Moderate
Unreviewed
CVE-2019-15577
was published
May 24, 2022
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over...
Moderate
Unreviewed
CVE-2019-13394
was published
May 24, 2022
OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication mechanism within the system...
Moderate
Unreviewed
CVE-2020-14494
was published
May 24, 2022
An issue was discovered in BigBlueButton through 2.2.29. A brute-force attack may occur because...
Moderate
Unreviewed
CVE-2020-29042
was published
May 24, 2022
A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist...
Moderate
Unreviewed
CVE-2020-5141
was published
May 24, 2022
In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575).
Moderate
Unreviewed
CVE-2020-29136
was published
May 24, 2022
An issue was discovered in Bitrix24 Bitrix Framework (1c site management) 20.0. An "User...
Moderate
Unreviewed
CVE-2020-28206
was published
May 24, 2022
WiseConnect - ScreenConnect Session Code Bypass. An attacker would have to use a proxy to monitor...
Moderate
Unreviewed
CVE-2022-36781
was published
Sep 29, 2022
Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an...
Moderate
Unreviewed
CVE-2021-20635
was published
May 24, 2022
An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly...
Moderate
Unreviewed
CVE-2021-29648
was published
May 24, 2022
IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 uses an inadequate account...
Moderate
Unreviewed
CVE-2020-4891
was published
May 24, 2022
In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in...
Moderate
Unreviewed
CVE-2021-33190
was published
May 24, 2022
After requesting multiple permissions, and closing the first permission panel, subsequent...
Moderate
Unreviewed
CVE-2021-29987
was published
May 24, 2022
Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/controllers/Login.php
Moderate
Unreviewed
CVE-2021-38725
was published
May 24, 2022
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could...
Moderate
Unreviewed
CVE-2021-29842
was published
May 24, 2022
Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A...
Moderate
Unreviewed
CVE-2021-36285
was published
May 24, 2022
Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A...
Moderate
Unreviewed
CVE-2021-36284
was published
May 24, 2022
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is...
Moderate
Unreviewed
CVE-2021-42096
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API