Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,900
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

303 advisories

Loading
WiJungle NGFW Version U250 was discovered to be vulnerable to No Rate Limit attack, allowing the... Critical Unreviewed
CVE-2022-33106 was published Oct 12, 2022
WiseConnect - ScreenConnect Session Code Bypass. An attacker would have to use a proxy to monitor... Moderate Unreviewed
CVE-2022-36781 was published Sep 29, 2022
There is a password verification vulnerability in WS7200-10 11.0.2.13. Attackers on the LAN may... Moderate Unreviewed
CVE-2022-33735 was published Sep 21, 2022
The PlexTrac platform prior to version 1.17.0 does not restrict excessive authentication attempts... High Unreviewed
CVE-2022-37145 was published Sep 9, 2022
The PlexTrac platform prior to API version 1.17.0 does not restrict excessive MFA TOTP submission... High Unreviewed
CVE-2022-37144 was published Sep 9, 2022
OctoPrint does not have rate limiting on the login page Low
CVE-2022-2822 was published for OctoPrint (pip) Aug 16, 2022
A flaw was found in Red Hat Process Automation Manager 7 where an attacker can benefit from a... Critical Unreviewed
CVE-2022-2457 was published Aug 11, 2022
Zammad 5.2.0 is vulnerable to privilege escalation. Zammad has a prevention against brute-force... Critical Unreviewed
CVE-2022-35490 was published Aug 9, 2022
An attacker can decrypt the Ovarro TBox login password by communication capture and brute force... Critical Unreviewed
CVE-2021-22640 was published Jul 29, 2022
Dell EMC PowerStore, contain(s) an Improper Restriction of Excessive Authentication Attempts... Critical Unreviewed
CVE-2022-31234 was published Jul 22, 2022
An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. It mishandles access control.... Moderate Unreviewed
CVE-2022-24689 was published Jul 19, 2022
IBM Security Verify Identity Manager 10.0 uses an inadequate account lockout setting that could... High Unreviewed
CVE-2022-22452 was published Jul 15, 2022
Improper Restriction of Excessive Authentication Attempts Critical
CVE-2022-2321 was published for github.com/heroiclabs/nakama/v3 (Go) Jul 6, 2022
While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being... Moderate Unreviewed
CVE-2022-22496 was published Jul 1, 2022
An issue in TopIDP3000 Topsec Operating System tos_3.3.005.665b.15_smpidp allows attackers to... Critical Unreviewed
CVE-2022-31273 was published Jun 15, 2022
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design,... Moderate Unreviewed
CVE-2022-28384 was published Jun 9, 2022
An issue was discovered in certain Verbatim drives through 2022-03-31. The security feature for... Moderate Unreviewed
CVE-2022-28386 was published Jun 9, 2022
Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict... Critical Unreviewed
CVE-2022-29084 was published Jun 3, 2022
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that... Critical Unreviewed
CVE-2022-30235 was published Jun 3, 2022
A vulnerability classified as critical was found in Telecommunication Software SAMwin Contact... Critical Unreviewed
CVE-2013-10004 was published May 25, 2022
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC... Critical Unreviewed
CVE-2020-28212 was published May 24, 2022
Improper restriction of excessive authentication attempts vulnerability in QSAN Storage Manager,... Critical Unreviewed
CVE-2021-32522 was published May 24, 2022
In Ionic Identity Vault before 5.0.5, the protection mechanism for invalid unlock attempts can be... Moderate Unreviewed
CVE-2021-44033 was published May 24, 2022
In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an... Moderate Unreviewed
CVE-2021-43332 was published May 24, 2022
An issue was discovered in Fimer Aurora Vision before 2.97.10. The response to a failed login... Moderate Unreviewed
CVE-2021-33209 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API