GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,897
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
108 advisories
Filter by severity
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that...
Critical
Unreviewed
CVE-2022-32515
was published
Jul 6, 2023
D-Link DSL-224 firmware version 3.0.10 CWE-307: Improper Restriction of Excessive Authentication...
Critical
Unreviewed
CVE-2023-32224
was published
Jun 28, 2023
Froxlor vulnerable to Improper Restriction of Excessive Authentication Attempts
Critical
CVE-2023-3173
was published
for
froxlor/froxlor
(Composer)
Jun 9, 2023
AzuraCast missing brute force prevention
Critical
CVE-2023-2531
was published
for
azuracast/azuracast
(Composer)
May 5, 2023
BlackVue DR750-2CH LTE v.1.012_2022.10.26 was discovered to contain a weak default passphrase...
Critical
Unreviewed
CVE-2023-27746
was published
Apr 13, 2023
Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake...
Critical
Unreviewed
CVE-2023-1665
was published
Mar 28, 2023
Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that...
Critical
Unreviewed
CVE-2022-36413
was published
Mar 23, 2023
Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate...
Critical
Unreviewed
CVE-2023-27100
was published
Mar 23, 2023
A lack of rate limiting on the password reset endpoint of Chamberlain myQ v5.222.0.32277 (on iOS)...
Critical
Unreviewed
CVE-2023-24080
was published
Feb 22, 2023
Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined...
Critical
Unreviewed
CVE-2023-0574
was published
Feb 9, 2023
Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior could bypass the brute force protection...
Critical
Unreviewed
CVE-2023-24020
was published
Jan 31, 2023
wger vulnerable to brute force attempts
Critical
CVE-2022-2650
was published
for
wger
(pip)
Nov 24, 2022
Improper Restriction of Excessive Authentication Attempts in GitHub repository mastodon/mastodon...
Critical
Unreviewed
CVE-2022-2166
was published
Nov 16, 2022
Authentication Bypass by Primary Weakness in GitHub repository kareadita/kavita prior to 0.6.0.3.
Critical
Unreviewed
CVE-2022-3993
was published
Nov 14, 2022
User login brute force protection functionality bypass
Critical
Unreviewed
CVE-2022-27516
was published
Nov 9, 2022
Impact varies for each individual vulnerability in the application. For generation of accounts,...
Critical
Unreviewed
CVE-2022-3741
was published
Oct 28, 2022
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in...
Critical
Unreviewed
CVE-2022-35846
was published
Oct 18, 2022
An issue in GX Group GPON ONT Titanium 2122A T2122-V1.26EXL allows attackers to escalate...
Critical
Unreviewed
CVE-2022-40055
was published
Oct 17, 2022
Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a bruteforce vulnerability. A remote...
Critical
Unreviewed
CVE-2022-31228
was published
Oct 13, 2022
WiJungle NGFW Version U250 was discovered to be vulnerable to No Rate Limit attack, allowing the...
Critical
Unreviewed
CVE-2022-33106
was published
Oct 12, 2022
A flaw was found in Red Hat Process Automation Manager 7 where an attacker can benefit from a...
Critical
Unreviewed
CVE-2022-2457
was published
Aug 11, 2022
Zammad 5.2.0 is vulnerable to privilege escalation. Zammad has a prevention against brute-force...
Critical
Unreviewed
CVE-2022-35490
was published
Aug 9, 2022
An attacker can decrypt the Ovarro TBox login password by communication capture and brute force...
Critical
Unreviewed
CVE-2021-22640
was published
Jul 29, 2022
Dell EMC PowerStore, contain(s) an Improper Restriction of Excessive Authentication Attempts...
Critical
Unreviewed
CVE-2022-31234
was published
Jul 22, 2022
Improper Restriction of Excessive Authentication Attempts
Critical
CVE-2022-2321
was published
for
github.com/heroiclabs/nakama/v3
(Go)
Jul 6, 2022
ProTip!
Advisories are also available from the
GraphQL API