GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,900
Maven: 5,000+
npm: 3,630
NuGet: 638
pip: 3,244
Pub: 10
RubyGems: 863
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
303 advisories
A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000,...
Critical | Unreviewed | CVE-2021-41435 was published Nov 20, 2021

An unauthenticated remote attacker can bypass the brute force prevention mechanism and disturb...
High | Unreviewed | CVE-2024-1104 was published Feb 22, 2024

Improper Restriction of Excessive Authentication Attempts in github.com/greenpau/caddy-security
Moderate | CVE-2024-21500 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024

VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly...
High | Unreviewed | CVE-1999-1324 was published Apr 30, 2022

The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect...
High | Unreviewed | CVE-2001-1291 was published Apr 30, 2022

IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection,...
Moderate | Unreviewed | CVE-2023-45190 was published Feb 9, 2024

IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting...
High | Unreviewed | CVE-2023-45191 was published Feb 9, 2024

The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed...
Moderate | Unreviewed | CVE-2002-0628 was published Apr 30, 2022

Lightwave ConsoleServer 3200 does not disconnect users after unsuccessful login attempts, which...
High | Unreviewed | CVE-2001-0395 was published Apr 30, 2022

Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect users from the service when...
High | Unreviewed | CVE-2001-1339 was published Apr 30, 2022

Compaq/Microcom 6000 Access Integrator does not disconnect a client after a certain number of...
Moderate | Unreviewed | CVE-1999-1152 was published Apr 30, 2022

IBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 uses an inadequate account lockout setting...
High | Unreviewed | CVE-2023-38273 was published Feb 2, 2024

IBM PowerSC 1.3, 2.0, and 2.1 uses an inadequate account lockout setting that could allow a...
High | Unreviewed | CVE-2023-50326 was published Feb 2, 2024

SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessive authentication attempts,...
Critical | Unreviewed | CVE-2023-33759 was published Jan 25, 2024

The number of attempts to bring the Hozard Alarm system (alarmsystemen) v1.0 to a disarmed state...
High | Unreviewed | CVE-2023-50123 was published Jan 11, 2024

The Omron FINS protocol has an authenticated feature to prevent access to memory regions....
High | Unreviewed | CVE-2022-45790 was published Jan 22, 2024

IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow...
Critical | Unreviewed | CVE-2024-22317 was published Jan 18, 2024

WWBN AVideo Improper Restriction of Excessive Authentication Attempts vulnerability
High | CVE-2023-49810 was published for wwbn/avideo (Composer) Jan 10, 2024

Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows...
Critical | Unreviewed | CVE-2023-27172 was published Dec 20, 2023

The Theme My Login 2FA WordPress plugin before 1.2 does not rate limit 2FA validation attempts,...
Critical | Unreviewed | CVE-2023-6272 was published Dec 18, 2023

By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI...
High | Unreviewed | CVE-2023-50444 was published Dec 13, 2023

DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and...
Critical | Unreviewed | CVE-2023-49443 was published Dec 8, 2023

EuroTel ETL3100 versions v01c01 and v01x37 does not limit the number of attempts to guess...
Critical | Unreviewed | CVE-2023-6928 was published Dec 20, 2023

A vulnerability was found in Thecosy IceCMS 2.0.1. It has been classified as problematic....
Moderate | Unreviewed | CVE-2023-6756 was published Dec 13, 2023

Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web...
Critical | Unreviewed | CVE-2023-35039 was published Dec 7, 2023
ProTip! Advisories are also available from the GraphQL API