Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

302 advisories

Loading
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to conduct brute-force... Critical Unreviewed
CVE-2018-12993 was published May 13, 2022
An issue was discovered in app/Controller/UsersController.php in MISP 2.4.92. An adversary can... Critical Unreviewed
CVE-2018-12649 was published May 13, 2022
An Improper Restriction of Excessive Authentication Attempts issue was discovered in Rockwell... Critical Unreviewed
CVE-2017-7898 was published May 13, 2022
htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through... High Unreviewed
CVE-2017-14423 was published May 13, 2022
IBM BigFix Compliance (TEMA SUAv1 SCA SCM) uses an inadequate account lockout setting that could... Critical Unreviewed
CVE-2017-1197 was published May 13, 2022
phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in... Critical Unreviewed
CVE-2017-11187 was published May 13, 2022
When the device is configured to perform account lockout with a defined period of time, any... Moderate Unreviewed
CVE-2017-10604 was published May 13, 2022
A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could... High Unreviewed
CVE-2017-12316 was published May 13, 2022
An improper restriction of excessive authentication attempts vulnerability in /principals in... Critical Unreviewed
CVE-2017-15887 was published May 13, 2022
An Improper Restriction of Excessive Authentication Attempts issue was discovered in Moxa OnCell... Critical Unreviewed
CVE-2017-7915 was published May 13, 2022
Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior... Critical Unreviewed
CVE-2018-11082 was published May 13, 2022
Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24 contain an insecure method... Critical Unreviewed
CVE-2018-15759 was published May 13, 2022
A specially crafted script could bypass the authentication of a maintenance port of Emerson... Moderate Unreviewed
CVE-2018-19021 was published May 13, 2022
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses an inadequate account lockout... Critical Unreviewed
CVE-2018-1373 was published May 13, 2022
An Improper Restriction of Excessive Authentication Attempts issue was discovered in Belden... Critical Unreviewed
CVE-2018-5469 was published May 13, 2022
An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX (e.g., RUT950) R_31.04.89 before... Critical Unreviewed
CVE-2018-19879 was published May 13, 2022
index.php?r=site%2Flogin in EduSec through 4.2.6 does not restrict sending a series of LoginForm... Critical Unreviewed
CVE-2018-19548 was published May 13, 2022
Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication... Critical Unreviewed
CVE-2019-6524 was published May 13, 2022
Keycloak Improper Bruteforce Detection High
CVE-2018-14657 was published for org.keycloak:keycloak-parent (Maven) May 13, 2022
If REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks. The... High Unreviewed
CVE-2019-0039 was published May 13, 2022
The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for... Critical Unreviewed
CVE-2013-4441 was published May 5, 2022
SaltStack RSA Key Generation allows remote users to decrypt communications High
CVE-2013-2228 was published for salt (pip) May 5, 2022
Cryptocat before 2.0.42 has Group Chat ECC Private Key Generation Brute Force Weakness High Unreviewed
CVE-2013-2257 was published May 5, 2022
The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed... Moderate Unreviewed
CVE-2002-0628 was published Apr 30, 2022
Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect users from the service when... High Unreviewed
CVE-2001-1339 was published Apr 30, 2022
ProTip! Advisories are also available from the GraphQL API