GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
88 advisories
No Restriction of Excessive Authentication Attempts in Firefly III
Moderate | CVE-2021-3663 was published for grumpydictator/firefly-iii (Composer) Aug 9, 2021

A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows...
Moderate | Unreviewed | CVE-2022-25820 was published Mar 11, 2022

There is no limit to the number of attempts to authenticate for the local configuration pages for...
Moderate | Unreviewed | CVE-2022-26519 was published Apr 21, 2022

Compaq/Microcom 6000 Access Integrator does not disconnect a client after a certain number of...
Moderate | Unreviewed | CVE-1999-1152 was published Apr 30, 2022

The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed...
Moderate | Unreviewed | CVE-2002-0628 was published Apr 30, 2022

A specially crafted script could bypass the authentication of a maintenance port of Emerson...
Moderate | Unreviewed | CVE-2018-19021 was published May 13, 2022

When the device is configured to perform account lockout with a defined period of time, any...
Moderate | Unreviewed | CVE-2017-10604 was published May 13, 2022

A vulnerability in the Gleez CMS 1.2.0 login page could allow an unauthenticated, remote attacker...
Moderate | Unreviewed | CVE-2018-16703 was published May 13, 2022

The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated...
Moderate | Unreviewed | CVE-2014-2875 was published May 17, 2022

There is an information disclosure vulnerability on Mate 9 Pro Huawei smartphones versions...
Moderate | Unreviewed | CVE-2019-5217 was published May 24, 2022

A security feature bypass vulnerability exists in Active Directory Federation Services (ADFS)...
Moderate | Unreviewed | CVE-2019-1126 was published May 24, 2022

An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12...
Moderate | Unreviewed | CVE-2019-15577 was published May 24, 2022

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over...
Moderate | Unreviewed | CVE-2019-13394 was published May 24, 2022

OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication mechanism within the system...
Moderate | Unreviewed | CVE-2020-14494 was published May 24, 2022

A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist...
Moderate | Unreviewed | CVE-2020-5141 was published May 24, 2022

An issue was discovered in BigBlueButton through 2.2.29. A brute-force attack may occur because...
Moderate | Unreviewed | CVE-2020-29042 was published May 24, 2022

In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575).
Moderate | Unreviewed | CVE-2020-29136 was published May 24, 2022

An issue was discovered in Bitrix24 Bitrix Framework (1c site management) 20.0. An "User...
Moderate | Unreviewed | CVE-2020-28206 was published May 24, 2022

A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings...
Moderate | Unreviewed | CVE-2021-1311 was published May 24, 2022

Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an...
Moderate | Unreviewed | CVE-2021-20635 was published May 24, 2022

IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 uses an inadequate account...
Moderate | Unreviewed | CVE-2020-4891 was published May 24, 2022

An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly...
Moderate | Unreviewed | CVE-2021-29648 was published May 24, 2022

InvoicePlane 1.5.11 doesn't have any rate-limiting for password reset and the reset token is...
Moderate | Unreviewed | CVE-2021-29023 was published May 24, 2022

In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in...
Moderate | Unreviewed | CVE-2021-33190 was published May 24, 2022

After requesting multiple permissions, and closing the first permission panel, subsequent...
Moderate | Unreviewed | CVE-2021-29987 was published May 24, 2022