Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,179
Erlang
31
GitHub Actions
19
Go
1,982
Maven
5,000+
npm
3,701
NuGet
656
pip
3,323
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

114 advisories

Loading
Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to... Critical Unreviewed
CVE-2021-43958 was published Mar 17, 2022
Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contain an improper restriction of excessive... Critical Unreviewed
CVE-2022-22561 was published Apr 13, 2022
A vulnerability classified as critical was found in Telecommunication Software SAMwin Contact... Critical Unreviewed
CVE-2013-10004 was published May 25, 2022
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that... Critical Unreviewed
CVE-2022-30235 was published Jun 3, 2022
Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict... Critical Unreviewed
CVE-2022-29084 was published Jun 3, 2022
An issue in TopIDP3000 Topsec Operating System tos_3.3.005.665b.15_smpidp allows attackers to... Critical Unreviewed
CVE-2022-31273 was published Jun 15, 2022
Improper Restriction of Excessive Authentication Attempts Critical
CVE-2022-2321 was published for github.com/heroiclabs/nakama/v3 (Go) Jul 6, 2022
Dell EMC PowerStore, contain(s) an Improper Restriction of Excessive Authentication Attempts... Critical Unreviewed
CVE-2022-31234 was published Jul 22, 2022
An attacker can decrypt the Ovarro TBox login password by communication capture and brute force... Critical Unreviewed
CVE-2021-22640 was published Jul 29, 2022
Improper Restriction of Excessive Authentication Attempts in GitHub repository mastodon/mastodon... Critical Unreviewed
CVE-2022-2166 was published Nov 16, 2022
A flaw was found in Red Hat Process Automation Manager 7 where an attacker can benefit from a... Critical Unreviewed
CVE-2022-2457 was published Aug 11, 2022
An issue was discovered in Gradle Enterprise 2018.5. There is a lack of lock-out after excessive... Critical Unreviewed
CVE-2020-15770 was published May 24, 2022
WiJungle NGFW Version U250 was discovered to be vulnerable to No Rate Limit attack, allowing the... Critical Unreviewed
CVE-2022-33106 was published Oct 12, 2022
tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid... Critical Unreviewed
CVE-2020-15906 was published May 24, 2022
A ZTE product is impacted by the improper access control vulnerability. Due to lack of an... Critical Unreviewed
CVE-2020-6875 was published May 24, 2022
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH... Critical Unreviewed
CVE-2020-25196 was published May 24, 2022
Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a bruteforce vulnerability. A remote... Critical Unreviewed
CVE-2022-31228 was published Oct 13, 2022
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The login... Critical Unreviewed
CVE-2020-35565 was published May 24, 2022
LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress... Critical Unreviewed
CVE-2020-35590 was published May 24, 2022
EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might... Critical Unreviewed
CVE-2021-27514 was published May 24, 2022
The telnet administrator service running on port 650 on Gigaset DX600A v41.00-175 devices does... Critical Unreviewed
CVE-2021-25309 was published May 24, 2022
Advantech Spectre RT ERT351 Versions 5.1.3 and prior has insufficient login authentication... Critical Unreviewed
CVE-2019-18235 was published May 24, 2022
Gestsup before 3.2.10 allows account takeover through the password recovery functionality (remote... Critical Unreviewed
CVE-2021-31646 was published May 24, 2022
Insufficiently Protected Credentials vulnerability exists in homeLYnk (Wiser For KNX) and... Critical Unreviewed
CVE-2021-22737 was published May 24, 2022
BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers to access... Critical Unreviewed
CVE-2021-28909 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database