Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,703
NuGet
661
pip
3,329
Pub
11
RubyGems
884
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+

314 advisories

Loading
Improper Restriction of Excessive Authentication Attempts in Sorcery High
CVE-2020-11052 was published for sorcery (RubyGems) May 7, 2020
futuretap
Authentication Bypass by Primary Weakness in GitHub repository kareadita/kavita prior to 0.6.0.3. Critical Unreviewed
CVE-2022-3993 was published Nov 14, 2022
No Restriction of Excessive Authentication Attempts in Firefly III Moderate
CVE-2021-3663 was published for grumpydictator/firefly-iii (Composer) Aug 9, 2021
A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS... High Unreviewed
CVE-2021-40360 was published Feb 10, 2022
Pimcore 2FA Vulnerable to Brute Forcing Critical
CVE-2019-18985 was published for pimcore/pimcore (Composer) May 24, 2022
web2py is vulnerable to password brute-force attack Critical
CVE-2016-10321 was published for web2py (pip) May 14, 2022
OctoPrint does not have rate limiting on the login page Low
CVE-2022-2822 was published for OctoPrint (pip) Aug 16, 2022
Pimcore Discloses Usernames In Use High
CVE-2019-18986 was published for pimcore/pimcore (Composer) May 24, 2022
Keycloak Improper Bruteforce Detection High
CVE-2018-14657 was published for org.keycloak:keycloak-parent (Maven) May 13, 2022
User login brute force protection functionality bypass Critical Unreviewed
CVE-2022-27516 was published Nov 9, 2022
A vulnerability was found in PHPGurukul Online Shopping Portal 1.0. It has been declared as... Moderate Unreviewed
CVE-2023-3605 was published Jul 10, 2023
Froxlor vulnerable to Improper Restriction of Excessive Authentication Attempts Critical
CVE-2023-3173 was published for froxlor/froxlor (Composer) Jun 9, 2023
Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric... Moderate Unreviewed
CVE-2023-4625 was published Nov 6, 2023
UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks... Unknown Unreviewed
CVE-2023-37635 was published Oct 23, 2023
Improper Restriction of Excessive Authentication Attempts vulnerability in Samsung Smart TV... Low Unreviewed
CVE-2023-41270 was published Nov 8, 2023
AzuraCast missing brute force prevention Critical
CVE-2023-2531 was published for azuracast/azuracast (Composer) May 5, 2023
Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple... High Unreviewed
CVE-2023-41350 was published Nov 3, 2023
Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake... Critical Unreviewed
CVE-2023-2675 was published Nov 13, 2023
The unauthenticated attacker in NetWeaver AS Java Logon application - version 7.50, can brute... Moderate Unreviewed
CVE-2023-42480 was published Nov 14, 2023
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiMail... Moderate Unreviewed
CVE-2023-45582 was published Nov 14, 2023
Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily... Critical Unreviewed
CVE-2023-5754 was published Oct 26, 2023
The cookie session ID is of insufficient length and can be exploited by brute force, which may... Critical Unreviewed
CVE-2023-42769 was published Oct 26, 2023
generator-jhipster allows a timing attack against validateToken due to a string comparison that stops at the first character High
CVE-2015-20110 was published for generator-jhipster (npm) Oct 31, 2023
A lack of rate limiting in Elenos ETG150 FM transmitter v3.12 allows attackers to obtain user... High Unreviewed
CVE-2023-37832 was published Oct 31, 2023
Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined... Critical Unreviewed
CVE-2023-0574 was published Feb 9, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database