Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,983
Maven
5,000+
npm
3,701
NuGet
656
pip
3,324
Pub
11
RubyGems
882
Rust
835
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

75 advisories

Loading
A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows... Moderate Unreviewed
CVE-2022-25820 was published Mar 11, 2022
There is no limit to the number of attempts to authenticate for the local configuration pages for... Moderate Unreviewed
CVE-2022-26519 was published Apr 21, 2022
Compaq/Microcom 6000 Access Integrator does not disconnect a client after a certain number of... Moderate Unreviewed
CVE-1999-1152 was published Apr 30, 2022
The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed... Moderate Unreviewed
CVE-2002-0628 was published Apr 30, 2022
A specially crafted script could bypass the authentication of a maintenance port of Emerson... Moderate Unreviewed
CVE-2018-19021 was published May 13, 2022
When the device is configured to perform account lockout with a defined period of time, any... Moderate Unreviewed
CVE-2017-10604 was published May 13, 2022
A vulnerability in the Gleez CMS 1.2.0 login page could allow an unauthenticated, remote attacker... Moderate Unreviewed
CVE-2018-16703 was published May 13, 2022
The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated... Moderate Unreviewed
CVE-2014-2875 was published May 17, 2022
There is an information disclosure vulnerability on Mate 9 Pro Huawei smartphones versions... Moderate Unreviewed
CVE-2019-5217 was published May 24, 2022
A security feature bypass vulnerability exists in Active Directory Federation Services (ADFS)... Moderate Unreviewed
CVE-2019-1126 was published May 24, 2022
An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12... Moderate Unreviewed
CVE-2019-15577 was published May 24, 2022
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over... Moderate Unreviewed
CVE-2019-13394 was published May 24, 2022
OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication mechanism within the system... Moderate Unreviewed
CVE-2020-14494 was published May 24, 2022
A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist... Moderate Unreviewed
CVE-2020-5141 was published May 24, 2022
An issue was discovered in BigBlueButton through 2.2.29. A brute-force attack may occur because... Moderate Unreviewed
CVE-2020-29042 was published May 24, 2022
In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575). Moderate Unreviewed
CVE-2020-29136 was published May 24, 2022
An issue was discovered in Bitrix24 Bitrix Framework (1c site management) 20.0. An "User... Moderate Unreviewed
CVE-2020-28206 was published May 24, 2022
A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings... Moderate Unreviewed
CVE-2021-1311 was published May 24, 2022
Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an... Moderate Unreviewed
CVE-2021-20635 was published May 24, 2022
IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 uses an inadequate account... Moderate Unreviewed
CVE-2020-4891 was published May 24, 2022
An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly... Moderate Unreviewed
CVE-2021-29648 was published May 24, 2022
InvoicePlane 1.5.11 doesn't have any rate-limiting for password reset and the reset token is... Moderate Unreviewed
CVE-2021-29023 was published May 24, 2022
In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in... Moderate Unreviewed
CVE-2021-33190 was published May 24, 2022
After requesting multiple permissions, and closing the first permission panel, subsequent... Moderate Unreviewed
CVE-2021-29987 was published May 24, 2022
Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/controllers/Login.php Moderate Unreviewed
CVE-2021-38725 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database