GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,086
Composer 4,077
Erlang 29
GitHub Actions 19
Go 1,900
Maven 5,098
npm 3,630
NuGet 638
pip 3,244
Pub 10
RubyGems 863
Rust 818
Swift 35

Unreviewed advisories

All unreviewed 228,414

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

87 advisories

Filter by severity

Sort by

Least recently updated

No Restriction of Excessive Authentication Attempts in Firefly III Moderate

CVE-2021-3663 was published for grumpydictator/firefly-iii (Composer) Aug 9, 2021

A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows... Moderate Unreviewed

CVE-2022-25820 was published Mar 11, 2022

There is no limit to the number of attempts to authenticate for the local configuration pages for... Moderate Unreviewed

CVE-2022-26519 was published Apr 21, 2022

Compaq/Microcom 6000 Access Integrator does not disconnect a client after a certain number of... Moderate Unreviewed

CVE-1999-1152 was published Apr 30, 2022

The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed... Moderate Unreviewed

CVE-2002-0628 was published Apr 30, 2022

A specially crafted script could bypass the authentication of a maintenance port of Emerson... Moderate Unreviewed

CVE-2018-19021 was published May 13, 2022

When the device is configured to perform account lockout with a defined period of time, any... Moderate Unreviewed

CVE-2017-10604 was published May 13, 2022

A vulnerability in the Gleez CMS 1.2.0 login page could allow an unauthenticated, remote attacker... Moderate Unreviewed

CVE-2018-16703 was published May 13, 2022

The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated... Moderate Unreviewed

CVE-2014-2875 was published May 17, 2022

There is an information disclosure vulnerability on Mate 9 Pro Huawei smartphones versions... Moderate Unreviewed

CVE-2019-5217 was published May 24, 2022

A security feature bypass vulnerability exists in Active Directory Federation Services (ADFS)... Moderate Unreviewed

CVE-2019-1126 was published May 24, 2022

An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12... Moderate Unreviewed

CVE-2019-15577 was published May 24, 2022

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over... Moderate Unreviewed

CVE-2019-13394 was published May 24, 2022

OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication mechanism within the system... Moderate Unreviewed

CVE-2020-14494 was published May 24, 2022

A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist... Moderate Unreviewed

CVE-2020-5141 was published May 24, 2022

An issue was discovered in BigBlueButton through 2.2.29. A brute-force attack may occur because... Moderate Unreviewed

CVE-2020-29042 was published May 24, 2022

In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575). Moderate Unreviewed

CVE-2020-29136 was published May 24, 2022

An issue was discovered in Bitrix24 Bitrix Framework (1c site management) 20.0. An "User... Moderate Unreviewed

CVE-2020-28206 was published May 24, 2022

A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings... Moderate Unreviewed

CVE-2021-1311 was published May 24, 2022

Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an... Moderate Unreviewed

CVE-2021-20635 was published May 24, 2022

IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 uses an inadequate account... Moderate Unreviewed

CVE-2020-4891 was published May 24, 2022

An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly... Moderate Unreviewed

CVE-2021-29648 was published May 24, 2022

InvoicePlane 1.5.11 doesn't have any rate-limiting for password reset and the reset token is... Moderate Unreviewed

CVE-2021-29023 was published May 24, 2022

In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in... Moderate Unreviewed

CVE-2021-33190 was published May 24, 2022

After requesting multiple permissions, and closing the first permission panel, subsequent... Moderate Unreviewed

CVE-2021-29987 was published May 24, 2022

Previous 1 2 3 4 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

87 advisories