GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
281 advisories
A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000,...
Critical | Unreviewed | CVE-2021-41435 was published Nov 20, 2021

IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting...
High | Unreviewed | CVE-2021-38890 was published Nov 24, 2021

Missing Rate Limiting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase®...
Critical | Unreviewed | CVE-2021-42544 was published Dec 1, 2021

Due to insufficient server-side login-attempt limit enforcement, a vulnerability in /account...
Critical | Unreviewed | CVE-2021-37934 was published Dec 11, 2021

ENC DataVault 7.1.1W and VaultAPI v67, which is currently being used in various other...
High | Unreviewed | CVE-2021-36750 was published Dec 23, 2021

An issue in the user login box of CSCMS v4.0 allows attackers to hijack user accounts via brute...
Critical | Unreviewed | CVE-2020-21238 was published Dec 29, 2021

An issue in the user login box of LJCMS v1.11 allows attackers to hijack user accounts via brute...
Critical | Unreviewed | CVE-2020-21237 was published Dec 29, 2021

Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873...
Critical | Unreviewed | CVE-2021-41807 was published Jan 19, 2022

Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication...
Critical | Unreviewed | CVE-2022-22553 was published Jan 22, 2022

The code that performs password matching when using 'Basic' HTTP authentication does not use a...
Critical | Unreviewed | CVE-2021-43298 was published Jan 26, 2022

A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that...
High | Unreviewed | CVE-2021-22818 was published Jan 29, 2022

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS...
High | Unreviewed | CVE-2021-40360 was published Feb 10, 2022

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that...
Critical | Unreviewed | CVE-2022-22810 was published Feb 11, 2022

A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3...
Critical | Unreviewed | CVE-2022-26314 was published Mar 9, 2022

A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows...
Moderate | Unreviewed | CVE-2022-25820 was published Mar 11, 2022

Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to...
Critical | Unreviewed | CVE-2021-43958 was published Mar 17, 2022

Confd log files contain local users', including root’s, SHA512crypt password hashes with...
High | Unreviewed | CVE-2022-0652 was published Mar 23, 2022

Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contain an improper restriction of excessive...
Critical | Unreviewed | CVE-2022-22561 was published Apr 13, 2022

There is no limit to the number of attempts to authenticate for the local configuration pages for...
Moderate | Unreviewed | CVE-2022-26519 was published Apr 21, 2022

Compaq/Microcom 6000 Access Integrator does not disconnect a client after a certain number of...
Moderate | Unreviewed | CVE-1999-1152 was published Apr 30, 2022

VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly...
High | Unreviewed | CVE-1999-1324 was published Apr 30, 2022

Lightwave ConsoleServer 3200 does not disconnect users after unsuccessful login attempts, which...
High | Unreviewed | CVE-2001-0395 was published Apr 30, 2022

The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect...
High | Unreviewed | CVE-2001-1291 was published Apr 30, 2022

Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect users from the service when...
High | Unreviewed | CVE-2001-1339 was published Apr 30, 2022

The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed...
Moderate | Unreviewed | CVE-2002-0628 was published Apr 30, 2022