GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
108 advisories
An issue in TopIDP3000 Topsec Operating System tos_3.3.005.665b.15_smpidp allows attackers to...
Critical, Unreviewed: CVE-2022-31273 was published on Jun 15, 2022

Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict...
Critical, Unreviewed: CVE-2022-29084 was published on Jun 3, 2022

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that...
Critical, Unreviewed: CVE-2022-30235 was published on Jun 3, 2022

A vulnerability classified as critical was found in Telecommunication Software SAMwin Contact...
Critical, Unreviewed: CVE-2013-10004 was published on May 25, 2022

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC...
Critical, Unreviewed: CVE-2020-28212 was published on May 24, 2022

Improper restriction of excessive authentication attempts vulnerability in QSAN Storage Manager,...
Critical, Unreviewed: CVE-2021-32522 was published on May 24, 2022

InHand Networks IR615 Router versions 2.3.0.r4724 and 2.3.0.r4870 have no account lockout...
Critical, Unreviewed: CVE-2021-38474 was published on May 24, 2022

BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 allows unauthenticated attackers to access...
Critical, Unreviewed: CVE-2021-28909 was published on May 24, 2022

BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 allows unauthenticated attackers access to...
Critical, Unreviewed: CVE-2021-28911 was published on May 24, 2022

Lin-CMS-Flask vulnerable to Improper Authentication
Critical: CVE-2020-18698 was published for Lin-CMS (pip) on May 24, 2022

Insufficiently Protected Credentials vulnerability exists in homeLYnk (Wiser For KNX) and...
Critical, Unreviewed: CVE-2021-22737 was published on May 24, 2022

Gestsup before 3.2.10 allows account takeover through the password recovery functionality (remote...
Critical, Unreviewed: CVE-2021-31646 was published on May 24, 2022

Advantech Spectre RT ERT351 versions 5.1.3 and prior have insufficient login authentication...
Critical, Unreviewed: CVE-2019-18235 was published on May 24, 2022

The telnet administrator service running on port 650 on Gigaset DX600A v41.00-175 devices does...
Critical, Unreviewed: CVE-2021-25309 was published on May 24, 2022

EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might...
Critical, Unreviewed: CVE-2021-27514 was published on May 24, 2022

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The login...
Critical, Unreviewed: CVE-2020-35565 was published on May 24, 2022

LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress...
Critical, Unreviewed: CVE-2020-35590 was published on May 24, 2022

The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH...
Critical, Unreviewed: CVE-2020-25196 was published on May 24, 2022

tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid...
Critical, Unreviewed: CVE-2020-15906 was published on May 24, 2022

A ZTE product is impacted by the improper access control vulnerability. Due to lack of an...
Critical, Unreviewed: CVE-2020-6875 was published on May 24, 2022

An issue was discovered in Gradle Enterprise 2018.5. There is a lack of lock-out after excessive...
Critical, Unreviewed: CVE-2020-15770 was published on May 24, 2022

Dolibarr Improper Restriction of Excessive Authentication Attempts
Critical: CVE-2020-7995 was published for dolibarr/dolibarr (Composer) on May 24, 2022

Pimcore 2FA Vulnerable to Brute Forcing
Critical: CVE-2019-18985 was published for pimcore/pimcore (Composer) on May 24, 2022

AutoPi Wi-Fi/NB and 4G/LTE devices before 2019-10-15 allow an attacker to perform a brute-force...
Critical, Unreviewed: CVE-2019-12941 was published on May 24, 2022

bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection...
Critical, Unreviewed: CVE-2019-17240 was published on May 24, 2022