Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,900
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

303 advisories

Loading
No protection against brute-force attacks on login page High
CVE-2023-25156 was published for kiwitcms (pip) Feb 15, 2023
Dell SupportAssist contains a rate limit bypass issues in screenmeet API third party component.... Moderate Unreviewed
CVE-2022-34389 was published Feb 11, 2023
Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined... Critical Unreviewed
CVE-2023-0574 was published Feb 9, 2023
Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior could bypass the brute force protection... Critical Unreviewed
CVE-2023-24020 was published Jan 31, 2023
Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency. High Unreviewed
CVE-2023-22960 was published Jan 23, 2023
HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced.... High Unreviewed
CVE-2021-27782 was published Jan 20, 2023
An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Part of the application... High Unreviewed
CVE-2022-38491 was published Jan 10, 2023
usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts Moderate
CVE-2022-4797 was published for github.com/usememos/memos (Go) Dec 28, 2022
Weak password derivation for export in Devolutions Remote Desktop Manager before 2022.1 allows... High Unreviewed
CVE-2022-26964 was published Dec 26, 2022
Planet eStream before 6.72.10.07 allows a low-privileged user to gain access to administrative... High Unreviewed
CVE-2022-45893 was published Dec 25, 2022
The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network... High Unreviewed
CVE-2022-23746 was published Nov 30, 2022
wger vulnerable to brute force attempts Critical
CVE-2022-2650 was published for wger (pip) Nov 24, 2022
Maarch RM 2.8.3 solution contains an improper restriction of excessive authentication attempts... High Unreviewed
CVE-2022-37772 was published Nov 23, 2022
A vulnerability, which was classified as problematic, has been found in WBCE CMS. Affected by... High Unreviewed
CVE-2022-4006 was published Nov 16, 2022
Improper Restriction of Excessive Authentication Attempts in GitHub repository mastodon/mastodon... Critical Unreviewed
CVE-2022-2166 was published Nov 16, 2022
Authentication Bypass by Primary Weakness in GitHub repository kareadita/kavita prior to 0.6.0.3. Critical Unreviewed
CVE-2022-3993 was published Nov 14, 2022
Improper Restriction of Excessive Authentication Attempts in GitHub repository kareadita/kavita... Moderate Unreviewed
CVE-2022-3945 was published Nov 11, 2022
User login brute force protection functionality bypass Critical Unreviewed
CVE-2022-27516 was published Nov 9, 2022
PwnDoc through 0.5.3 might allow remote attackers to identify disabled user account names by... Moderate Unreviewed
CVE-2022-44023 was published Oct 30, 2022
PwnDoc through 0.5.3 might allow remote attackers to identify valid user account names by... Moderate Unreviewed
CVE-2022-44022 was published Oct 30, 2022
Impact varies for each individual vulnerability in the application. For generation of accounts,... Critical Unreviewed
CVE-2022-3741 was published Oct 28, 2022
Kirby CMS vulnerable to user enumeration in the code-based login and password reset forms Moderate
CVE-2022-39314 was published for getkirby/cms (Composer) Oct 18, 2022
florianmrz
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in... Critical Unreviewed
CVE-2022-35846 was published Oct 18, 2022
An issue in GX Group GPON ONT Titanium 2122A T2122-V1.26EXL allows attackers to escalate... Critical Unreviewed
CVE-2022-40055 was published Oct 17, 2022
Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a bruteforce vulnerability. A remote... Critical Unreviewed
CVE-2022-31228 was published Oct 13, 2022
ProTip! Advisories are also available from the GraphQL API