GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,086
Composer 4,077
Erlang 29
GitHub Actions 19
Go 1,900
Maven 5,098
npm 3,630
NuGet 638
pip 3,244
Pub 10
RubyGems 863
Rust 818
Swift 35

Unreviewed advisories

All unreviewed 228,414

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

87 advisories

Filter by severity

Sort by

Least recently updated

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. It mishandles access control.... Moderate Unreviewed

CVE-2022-24689 was published Jul 19, 2022

While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being... Moderate Unreviewed

CVE-2022-22496 was published Jul 1, 2022

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design,... Moderate Unreviewed

CVE-2022-28384 was published Jun 9, 2022

An issue was discovered in certain Verbatim drives through 2022-03-31. The security feature for... Moderate Unreviewed

CVE-2022-28386 was published Jun 9, 2022

In Ionic Identity Vault before 5.0.5, the protection mechanism for invalid unlock attempts can be... Moderate Unreviewed

CVE-2021-44033 was published May 24, 2022

In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an... Moderate Unreviewed

CVE-2021-43332 was published May 24, 2022

An issue was discovered in Fimer Aurora Vision before 2.97.10. The response to a failed login... Moderate Unreviewed

CVE-2021-33209 was published May 24, 2022

GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is... Moderate Unreviewed

CVE-2021-42096 was published May 24, 2022

Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A... Moderate Unreviewed

CVE-2021-36285 was published May 24, 2022

Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A... Moderate Unreviewed

CVE-2021-36284 was published May 24, 2022

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could... Moderate Unreviewed

CVE-2021-29842 was published May 24, 2022

Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/controllers/Login.php Moderate Unreviewed

CVE-2021-38725 was published May 24, 2022

After requesting multiple permissions, and closing the first permission panel, subsequent... Moderate Unreviewed

CVE-2021-29987 was published May 24, 2022

In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in... Moderate Unreviewed

CVE-2021-33190 was published May 24, 2022

InvoicePlane 1.5.11 doesn't have any rate-limiting for password reset and the reset token is... Moderate Unreviewed

CVE-2021-29023 was published May 24, 2022

An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly... Moderate Unreviewed

CVE-2021-29648 was published May 24, 2022

IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 uses an inadequate account... Moderate Unreviewed

CVE-2020-4891 was published May 24, 2022

Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an... Moderate Unreviewed

CVE-2021-20635 was published May 24, 2022

A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings... Moderate Unreviewed

CVE-2021-1311 was published May 24, 2022

An issue was discovered in Bitrix24 Bitrix Framework (1c site management) 20.0. An "User... Moderate Unreviewed

CVE-2020-28206 was published May 24, 2022

In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575). Moderate Unreviewed

CVE-2020-29136 was published May 24, 2022

An issue was discovered in BigBlueButton through 2.2.29. A brute-force attack may occur because... Moderate Unreviewed

CVE-2020-29042 was published May 24, 2022

A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist... Moderate Unreviewed

CVE-2020-5141 was published May 24, 2022

OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication mechanism within the system... Moderate Unreviewed

CVE-2020-14494 was published May 24, 2022

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over... Moderate Unreviewed

CVE-2019-13394 was published May 24, 2022

Previous 1 2 3 4 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

87 advisories