GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,900
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
263 advisories
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet...
Moderate
Unreviewed
CVE-2022-29056
was published
Mar 9, 2023
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet...
Moderate
Unreviewed
CVE-2023-26209
was published
Mar 9, 2023
SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an...
High
Unreviewed
CVE-2023-1101
was published
Mar 3, 2023
A lack of rate limiting on the password reset endpoint of Chamberlain myQ v5.222.0.32277 (on iOS)...
Critical
Unreviewed
CVE-2023-24080
was published
Feb 22, 2023
Dell SupportAssist contains a rate limit bypass issue in screenmeet API third party component....
Moderate
Unreviewed
CVE-2022-34389
was published
Feb 11, 2023
Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined...
Critical
Unreviewed
CVE-2023-0574
was published
Feb 9, 2023
Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior could bypass the brute force protection...
Critical
Unreviewed
CVE-2023-24020
was published
Jan 31, 2023
Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency.
High
Unreviewed
CVE-2023-22960
was published
Jan 23, 2023
HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced....
High
Unreviewed
CVE-2021-27782
was published
Jan 20, 2023
An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Part of the application...
High
Unreviewed
CVE-2022-38491
was published
Jan 10, 2023
Weak password derivation for export in Devolutions Remote Desktop Manager before 2022.1 allows...
High
Unreviewed
CVE-2022-26964
was published
Dec 26, 2022
Planet eStream before 6.72.10.07 allows a low-privileged user to gain access to administrative...
High
Unreviewed
CVE-2022-45893
was published
Dec 25, 2022
The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network...
High
Unreviewed
CVE-2022-23746
was published
Nov 30, 2022
Maarch RM 2.8.3 solution contains an improper restriction of excessive authentication attempts...
High
Unreviewed
CVE-2022-37772
was published
Nov 23, 2022
A vulnerability, which was classified as problematic, has been found in WBCE CMS. Affected by...
High
Unreviewed
CVE-2022-4006
was published
Nov 16, 2022
Improper Restriction of Excessive Authentication Attempts in GitHub repository mastodon/mastodon...
Critical
Unreviewed
CVE-2022-2166
was published
Nov 16, 2022
Authentication Bypass by Primary Weakness in GitHub repository kareadita/kavita prior to 0.6.0.3.
Critical
Unreviewed
CVE-2022-3993
was published
Nov 14, 2022
Improper Restriction of Excessive Authentication Attempts in GitHub repository kareadita/kavita...
Moderate
Unreviewed
CVE-2022-3945
was published
Nov 11, 2022
User login brute force protection functionality bypass
Critical
Unreviewed
CVE-2022-27516
was published
Nov 9, 2022
PwnDoc through 0.5.3 might allow remote attackers to identify disabled user account names by...
Moderate
Unreviewed
CVE-2022-44023
was published
Oct 30, 2022
PwnDoc through 0.5.3 might allow remote attackers to identify valid user account names by...
Moderate
Unreviewed
CVE-2022-44022
was published
Oct 30, 2022
Impact varies for each individual vulnerability in the application. For generation of accounts,...
Critical
Unreviewed
CVE-2022-3741
was published
Oct 28, 2022
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in...
Critical
Unreviewed
CVE-2022-35846
was published
Oct 18, 2022
An issue in GX Group GPON ONT Titanium 2122A T2122-V1.26EXL allows attackers to escalate...
Critical
Unreviewed
CVE-2022-40055
was published
Oct 17, 2022
Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a bruteforce vulnerability. A remote...
Critical
Unreviewed
CVE-2022-31228
was published
Oct 13, 2022