Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,897
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

108 advisories

Loading
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that... Critical Unreviewed
CVE-2022-32515 was published Jul 6, 2023
D-Link DSL-224 firmware version 3.0.10 CWE-307: Improper Restriction of Excessive Authentication... Critical Unreviewed
CVE-2023-32224 was published Jun 28, 2023
Froxlor vulnerable to Improper Restriction of Excessive Authentication Attempts Critical
CVE-2023-3173 was published for froxlor/froxlor (Composer) Jun 9, 2023
AzuraCast missing brute force prevention Critical
CVE-2023-2531 was published for azuracast/azuracast (Composer) May 5, 2023
BlackVue DR750-2CH LTE v.1.012_2022.10.26 was discovered to contain a weak default passphrase... Critical Unreviewed
CVE-2023-27746 was published Apr 13, 2023
Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake... Critical Unreviewed
CVE-2023-1665 was published Mar 28, 2023
Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that... Critical Unreviewed
CVE-2022-36413 was published Mar 23, 2023
Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate... Critical Unreviewed
CVE-2023-27100 was published Mar 23, 2023
A lack of rate limiting on the password reset endpoint of Chamberlain myQ v5.222.0.32277 (on iOS)... Critical Unreviewed
CVE-2023-24080 was published Feb 22, 2023
Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined... Critical Unreviewed
CVE-2023-0574 was published Feb 9, 2023
Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior could bypass the brute force protection... Critical Unreviewed
CVE-2023-24020 was published Jan 31, 2023
wger vulnerable to brute force attempts Critical
CVE-2022-2650 was published for wger (pip) Nov 24, 2022
Improper Restriction of Excessive Authentication Attempts in GitHub repository mastodon/mastodon... Critical Unreviewed
CVE-2022-2166 was published Nov 16, 2022
Authentication Bypass by Primary Weakness in GitHub repository kareadita/kavita prior to 0.6.0.3. Critical Unreviewed
CVE-2022-3993 was published Nov 14, 2022
User login brute force protection functionality bypass Critical Unreviewed
CVE-2022-27516 was published Nov 9, 2022
Impact varies for each individual vulnerability in the application. For generation of accounts,... Critical Unreviewed
CVE-2022-3741 was published Oct 28, 2022
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in... Critical Unreviewed
CVE-2022-35846 was published Oct 18, 2022
An issue in GX Group GPON ONT Titanium 2122A T2122-V1.26EXL allows attackers to escalate... Critical Unreviewed
CVE-2022-40055 was published Oct 17, 2022
Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a bruteforce vulnerability. A remote... Critical Unreviewed
CVE-2022-31228 was published Oct 13, 2022
WiJungle NGFW Version U250 was discovered to be vulnerable to No Rate Limit attack, allowing the... Critical Unreviewed
CVE-2022-33106 was published Oct 12, 2022
A flaw was found in Red Hat Process Automation Manager 7 where an attacker can benefit from a... Critical Unreviewed
CVE-2022-2457 was published Aug 11, 2022
Zammad 5.2.0 is vulnerable to privilege escalation. Zammad has a prevention against brute-force... Critical Unreviewed
CVE-2022-35490 was published Aug 9, 2022
An attacker can decrypt the Ovarro TBox login password by communication capture and brute force... Critical Unreviewed
CVE-2021-22640 was published Jul 29, 2022
Dell EMC PowerStore, contain(s) an Improper Restriction of Excessive Authentication Attempts... Critical Unreviewed
CVE-2022-31234 was published Jul 22, 2022
Improper Restriction of Excessive Authentication Attempts Critical
CVE-2022-2321 was published for github.com/heroiclabs/nakama/v3 (Go) Jul 6, 2022
ProTip! Advisories are also available from the GraphQL API