Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,900
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

303 advisories

Loading
Advantech Spectre RT ERT351 Versions 5.1.3 and prior has insufficient login authentication... Critical Unreviewed
CVE-2019-18235 was published May 24, 2022
IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 uses an inadequate account... Moderate Unreviewed
CVE-2020-4891 was published May 24, 2022
A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE... High Unreviewed
CVE-2021-25676 was published May 24, 2022
An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is... High Unreviewed
CVE-2021-27935 was published May 24, 2022
The telnet administrator service running on port 650 on Gigaset DX600A v41.00-175 devices does... Critical Unreviewed
CVE-2021-25309 was published May 24, 2022
EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might... Critical Unreviewed
CVE-2021-27514 was published May 24, 2022
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The login... Critical Unreviewed
CVE-2020-35565 was published May 24, 2022
The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 allows attackers to cause a... High Unreviewed
CVE-2021-27188 was published May 24, 2022
Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an... Moderate Unreviewed
CVE-2021-20635 was published May 24, 2022
In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement... High Unreviewed
CVE-2021-3138 was published May 24, 2022
A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings... Moderate Unreviewed
CVE-2021-1311 was published May 24, 2022
In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password can be enumerated using... High Unreviewed
CVE-2020-35586 was published May 24, 2022
In Solstice Pod before 3.3.0 (or Open4.3), the screen key can be enumerated using brute-force... High Unreviewed
CVE-2020-35585 was published May 24, 2022
LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress... Critical Unreviewed
CVE-2020-35590 was published May 24, 2022
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH... Critical Unreviewed
CVE-2020-25196 was published May 24, 2022
An issue was discovered in Bitrix24 Bitrix Framework (1c site management) 20.0. An "User... Moderate Unreviewed
CVE-2020-28206 was published May 24, 2022
In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575). Moderate Unreviewed
CVE-2020-29136 was published May 24, 2022
An issue was discovered in BigBlueButton through 2.2.29. A brute-force attack may occur because... Moderate Unreviewed
CVE-2020-29042 was published May 24, 2022
Anuko Time Tracker v1.19.23.5311 lacks rate limit on the password reset module which allows... High Unreviewed
CVE-2020-27423 was published May 24, 2022
tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid... Critical Unreviewed
CVE-2020-15906 was published May 24, 2022
A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist... Moderate Unreviewed
CVE-2020-5141 was published May 24, 2022
A ZTE product is impacted by the improper access control vulnerability. Due to lack of an... Critical Unreviewed
CVE-2020-6875 was published May 24, 2022
OATHAuth extension in MediaWiki is not implementing rate limit High
CVE-2020-25827 was published for mediawiki/core (Composer) May 24, 2022
An issue was discovered in Gradle Enterprise 2018.5. There is a lack of lock-out after excessive... Critical Unreviewed
CVE-2020-15770 was published May 24, 2022
A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS... High Unreviewed
CVE-2020-15786 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API