Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,900
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

87 advisories

Loading
InvoicePlane 1.5.11 doesn't have any rate-limiting for password reset and the reset token is... Moderate Unreviewed
CVE-2021-29023 was published May 24, 2022
There is no limit to the number of attempts to authenticate for the local configuration pages for... Moderate Unreviewed
CVE-2022-26519 was published Apr 21, 2022
A specially crafted script could bypass the authentication of a maintenance port of Emerson... Moderate Unreviewed
CVE-2018-19021 was published May 13, 2022
While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being... Moderate Unreviewed
CVE-2022-22496 was published Jul 1, 2022
An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. It mishandles access control.... Moderate Unreviewed
CVE-2022-24689 was published Jul 19, 2022
Improper Restriction of Excessive Authentication Attempts in GitHub repository kareadita/kavita... Moderate Unreviewed
CVE-2022-3945 was published Nov 11, 2022
The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated... Moderate Unreviewed
CVE-2014-2875 was published May 17, 2022
An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12... Moderate Unreviewed
CVE-2019-15577 was published May 24, 2022
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over... Moderate Unreviewed
CVE-2019-13394 was published May 24, 2022
OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication mechanism within the system... Moderate Unreviewed
CVE-2020-14494 was published May 24, 2022
An issue was discovered in BigBlueButton through 2.2.29. A brute-force attack may occur because... Moderate Unreviewed
CVE-2020-29042 was published May 24, 2022
A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist... Moderate Unreviewed
CVE-2020-5141 was published May 24, 2022
In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575). Moderate Unreviewed
CVE-2020-29136 was published May 24, 2022
An issue was discovered in Bitrix24 Bitrix Framework (1c site management) 20.0. An "User... Moderate Unreviewed
CVE-2020-28206 was published May 24, 2022
WiseConnect - ScreenConnect Session Code Bypass. An attacker would have to use a proxy to monitor... Moderate Unreviewed
CVE-2022-36781 was published Sep 29, 2022
Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an... Moderate Unreviewed
CVE-2021-20635 was published May 24, 2022
An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly... Moderate Unreviewed
CVE-2021-29648 was published May 24, 2022
IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 uses an inadequate account... Moderate Unreviewed
CVE-2020-4891 was published May 24, 2022
In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in... Moderate Unreviewed
CVE-2021-33190 was published May 24, 2022
After requesting multiple permissions, and closing the first permission panel, subsequent... Moderate Unreviewed
CVE-2021-29987 was published May 24, 2022
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could... Moderate Unreviewed
CVE-2021-29842 was published May 24, 2022
Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/controllers/Login.php Moderate Unreviewed
CVE-2021-38725 was published May 24, 2022
Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A... Moderate Unreviewed
CVE-2021-36285 was published May 24, 2022
Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A... Moderate Unreviewed
CVE-2021-36284 was published May 24, 2022
Kirby CMS vulnerable to user enumeration in the code-based login and password reset forms Moderate
CVE-2022-39314 was published for getkirby/cms (Composer) Oct 18, 2022
florianmrz
ProTip! Advisories are also available from the GraphQL API