GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,900
Maven: 5,000+
npm: 3,630
NuGet: 638
pip: 3,244
Pub: 10
RubyGems: 863
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
303 advisories
Advantech Spectre RT ERT351 Versions 5.1.3 and prior has insufficient login authentication...
Critical | Unreviewed | CVE-2019-18235 was published May 24, 2022
IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 uses an inadequate account...
Moderate | Unreviewed | CVE-2020-4891 was published May 24, 2022
A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE...
High | Unreviewed | CVE-2021-25676 was published May 24, 2022
An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is...
High | Unreviewed | CVE-2021-27935 was published May 24, 2022
The telnet administrator service running on port 650 on Gigaset DX600A v41.00-175 devices does...
Critical | Unreviewed | CVE-2021-25309 was published May 24, 2022
EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might...
Critical | Unreviewed | CVE-2021-27514 was published May 24, 2022
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The login...
Critical | Unreviewed | CVE-2020-35565 was published May 24, 2022
The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 allows attackers to cause a...
High | Unreviewed | CVE-2021-27188 was published May 24, 2022
Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an...
Moderate | Unreviewed | CVE-2021-20635 was published May 24, 2022
In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement...
High | Unreviewed | CVE-2021-3138 was published May 24, 2022
A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings...
Moderate | Unreviewed | CVE-2021-1311 was published May 24, 2022
In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password can be enumerated using...
High | Unreviewed | CVE-2020-35586 was published May 24, 2022
In Solstice Pod before 3.3.0 (or Open4.3), the screen key can be enumerated using brute-force...
High | Unreviewed | CVE-2020-35585 was published May 24, 2022
LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress...
Critical | Unreviewed | CVE-2020-35590 was published May 24, 2022
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH...
Critical | Unreviewed | CVE-2020-25196 was published May 24, 2022
An issue was discovered in Bitrix24 Bitrix Framework (1c site management) 20.0. An "User...
Moderate | Unreviewed | CVE-2020-28206 was published May 24, 2022
In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575).
Moderate | Unreviewed | CVE-2020-29136 was published May 24, 2022
An issue was discovered in BigBlueButton through 2.2.29. A brute-force attack may occur because...
Moderate | Unreviewed | CVE-2020-29042 was published May 24, 2022
Anuko Time Tracker v1.19.23.5311 lacks rate limit on the password reset module which allows...
High | Unreviewed | CVE-2020-27423 was published May 24, 2022
tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid...
Critical | Unreviewed | CVE-2020-15906 was published May 24, 2022
A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist...
Moderate | Unreviewed | CVE-2020-5141 was published May 24, 2022
A ZTE product is impacted by the improper access control vulnerability. Due to lack of an...
Critical | Unreviewed | CVE-2020-6875 was published May 24, 2022
OATHAuth extension in MediaWiki is not implementing rate limit
High | CVE-2020-25827 was published for mediawiki/core (Composer) May 24, 2022
An issue was discovered in Gradle Enterprise 2018.5. There is a lack of lock-out after excessive...
Critical | Unreviewed | CVE-2020-15770 was published May 24, 2022
A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS...
High | Unreviewed | CVE-2020-15786 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.