GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,076
Erlang: 29
GitHub Actions: 19
Go: 1,897
Maven: 5,000+
npm: 3,630
NuGet: 638
pip: 3,244
Pub: 10
RubyGems: 862
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
108 advisories
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05...
Critical · Unreviewed · CVE-2019-17215 was published May 24, 2022
Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction of excessive...
Critical · Unreviewed · CVE-2019-3766 was published May 24, 2022
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1)....
Critical · Unreviewed · CVE-2019-13918 was published May 24, 2022
IBM Robotic Process Automation with Automation Anywhere 11 uses an inadequate account lockout...
Critical · Unreviewed · CVE-2019-4336 was published May 24, 2022
web2py is vulnerable to password brute-force attack
Critical · CVE-2016-10321 was published for web2py (pip) May 14, 2022
IBM BigFix Platform 9.2 and 9.5 uses an inadequate account lockout setting that could allow a...
Critical · Unreviewed · CVE-2018-1475 was published May 13, 2022
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to conduct brute-force...
Critical · Unreviewed · CVE-2018-12993 was published May 13, 2022
An issue was discovered in app/Controller/UsersController.php in MISP 2.4.92. An adversary can...
Critical · Unreviewed · CVE-2018-12649 was published May 13, 2022
An Improper Restriction of Excessive Authentication Attempts issue was discovered in Rockwell...
Critical · Unreviewed · CVE-2017-7898 was published May 13, 2022
IBM BigFix Compliance (TEMA SUAv1 SCA SCM) uses an inadequate account lockout setting that could...
Critical · Unreviewed · CVE-2017-1197 was published May 13, 2022
phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in...
Critical · Unreviewed · CVE-2017-11187 was published May 13, 2022
An improper restriction of excessive authentication attempts vulnerability in /principals in...
Critical · Unreviewed · CVE-2017-15887 was published May 13, 2022
An Improper Restriction of Excessive Authentication Attempts issue was discovered in Moxa OnCell...
Critical · Unreviewed · CVE-2017-7915 was published May 13, 2022
Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior...
Critical · Unreviewed · CVE-2018-11082 was published May 13, 2022
Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24 contain an insecure method...
Critical · Unreviewed · CVE-2018-15759 was published May 13, 2022
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses an inadequate account lockout...
Critical · Unreviewed · CVE-2018-1373 was published May 13, 2022
An Improper Restriction of Excessive Authentication Attempts issue was discovered in Belden...
Critical · Unreviewed · CVE-2018-5469 was published May 13, 2022
An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX (e.g., RUT950) R_31.04.89 before...
Critical · Unreviewed · CVE-2018-19879 was published May 13, 2022
index.php?r=site%2Flogin in EduSec through 4.2.6 does not restrict sending a series of LoginForm...
Critical · Unreviewed · CVE-2018-19548 was published May 13, 2022
Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication...
Critical · Unreviewed · CVE-2019-6524 was published May 13, 2022
The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for...
Critical · Unreviewed · CVE-2013-4441 was published May 5, 2022
Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contain an improper restriction of excessive...
Critical · Unreviewed · CVE-2022-22561 was published Apr 13, 2022
Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to...
Critical · Unreviewed · CVE-2021-43958 was published Mar 17, 2022
A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3...
Critical · Unreviewed · CVE-2022-26314 was published Mar 9, 2022
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that...
Critical · Unreviewed · CVE-2022-22810 was published Feb 11, 2022
ProTip! Advisories are also available from the GraphQL API