GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,900
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
263 advisories
Filter by severity
EuroTel ETL3100 versions v01c01 and v01x37 does not limit the number of attempts to guess...
Critical
Unreviewed
CVE-2023-6928
was published
Dec 20, 2023
The Theme My Login 2FA WordPress plugin before 1.2 does not rate limit 2FA validation attempts,...
Critical
Unreviewed
CVE-2023-6272
was published
Dec 18, 2023
By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI...
High
Unreviewed
CVE-2023-50444
was published
Dec 13, 2023
A vulnerability was found in Thecosy IceCMS 2.0.1. It has been classified as problematic....
Moderate
Unreviewed
CVE-2023-6756
was published
Dec 13, 2023
DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and...
Critical
Unreviewed
CVE-2023-49443
was published
Dec 8, 2023
Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web...
Critical
Unreviewed
CVE-2023-35039
was published
Dec 7, 2023
A client side rate limit issue discovered in Connectize AC21000 G6 641.139.1.1256 allows...
Critical
Unreviewed
CVE-2023-24051
was published
Dec 5, 2023
kodbox 1.46.01 has a security flaw that enables user enumeration. This problem is present on the...
Critical
Unreviewed
CVE-2023-48028
was published
Nov 18, 2023
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiMail...
Moderate
Unreviewed
CVE-2023-45582
was published
Nov 14, 2023
The unauthenticated attacker in NetWeaver AS Java Logon application - version 7.50, can brute...
Moderate
Unreviewed
CVE-2023-42480
was published
Nov 14, 2023
Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake...
Critical
Unreviewed
CVE-2023-2675
was published
Nov 13, 2023
Improper Restriction of Excessive Authentication Attempts vulnerability in Samsung Smart TV...
Low
Unreviewed
CVE-2023-41270
was published
Nov 8, 2023
Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric...
Moderate
Unreviewed
CVE-2023-4625
was published
Nov 6, 2023
Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple...
High
Unreviewed
CVE-2023-41350
was published
Nov 3, 2023
A lack of rate limiting in Elenos ETG150 FM transmitter v3.12 allows attackers to obtain user...
High
Unreviewed
CVE-2023-37832
was published
Oct 31, 2023
Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily...
Critical
Unreviewed
CVE-2023-5754
was published
Oct 26, 2023
The cookie session ID is of insufficient length and can be exploited by
brute force, which may...
Critical
Unreviewed
CVE-2023-42769
was published
Oct 26, 2023
UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks...
Unknown
Unreviewed
CVE-2023-37635
was published
Oct 23, 2023
DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to...
Critical
Unreviewed
CVE-2023-27152
was published
Oct 23, 2023
The TETRA TEA1 keystream generator implements a key register initialization function that...
High
Unreviewed
CVE-2022-24402
was published
Oct 19, 2023
Vulnerability of brute-force attacks on the device authentication module.Successful exploitation...
High
Unreviewed
CVE-2023-44096
was published
Oct 11, 2023
Vulnerability of brute-force attacks on the device authentication module.Successful exploitation...
High
Unreviewed
CVE-2023-44111
was published
Oct 11, 2023
Improper Restriction of Excessive Authentication Attempts in RDT400 in SICK APU
allows an...
High
Unreviewed
CVE-2023-43699
was published
Oct 9, 2023
OpenCart v4.0.2.2 is vulnerable to Brute Force Attack.
Critical
Unreviewed
CVE-2023-40834
was published
Sep 12, 2023
IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) uses an...
High
Unreviewed
CVE-2023-26271
was published
Aug 28, 2023
ProTip!
Advisories are also available from the
GraphQL API