GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,094
Erlang
29
GitHub Actions
19
Go
1,920
Maven
5,000+
npm
3,648
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
822
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
102 advisories
Filter by severity
A vulnerability in Kaiten version 57.131.12 and earlier allows attackers to bypass the PIN code...
Critical
Unreviewed
CVE-2024-41276
was published
Oct 1, 2024
This vulnerability exists in Apex Softcell LD Geo due to missing restrictions for excessive...
Critical
Unreviewed
CVE-2024-47088
was published
Sep 19, 2024
An issue was discovered in Bravura Security Fabric versions 12.3.x before 12.3.5.32784, 12.4.x...
Critical
Unreviewed
CVE-2024-45523
was published
Sep 18, 2024
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing restrictions for...
Critical
Unreviewed
CVE-2024-45790
was published
Sep 11, 2024
Pluck CMS 4.7.18 does not restrict failed login attempts, allowing attackers to execute a brute...
Critical
Unreviewed
CVE-2024-43042
was published
Aug 16, 2024
Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions...
Critical
Unreviewed
CVE-2024-42466
was published
Aug 16, 2024
Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions...
Critical
Unreviewed
CVE-2024-42465
was published
Aug 16, 2024
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000...
Critical
Unreviewed
CVE-2024-39225
was published
Aug 6, 2024
CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that...
Critical
Unreviewed
CVE-2024-2051
was published
Mar 18, 2024
SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessive authentication attempts,...
Critical
Unreviewed
CVE-2023-33759
was published
Jan 25, 2024
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow...
Critical
Unreviewed
CVE-2024-22317
was published
Jan 18, 2024
Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows...
Critical
Unreviewed
CVE-2023-27172
was published
Dec 20, 2023
EuroTel ETL3100 versions v01c01 and v01x37 does not limit the number of attempts to guess...
Critical
Unreviewed
CVE-2023-6928
was published
Dec 20, 2023
The Theme My Login 2FA WordPress plugin before 1.2 does not rate limit 2FA validation attempts,...
Critical
Unreviewed
CVE-2023-6272
was published
Dec 18, 2023
DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and...
Critical
Unreviewed
CVE-2023-49443
was published
Dec 8, 2023
Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web...
Critical
Unreviewed
CVE-2023-35039
was published
Dec 7, 2023
A client side rate limit issue discovered in Connectize AC21000 G6 641.139.1.1256 allows...
Critical
Unreviewed
CVE-2023-24051
was published
Dec 5, 2023
kodbox 1.46.01 has a security flaw that enables user enumeration. This problem is present on the...
Critical
Unreviewed
CVE-2023-48028
was published
Nov 18, 2023
Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake...
Critical
Unreviewed
CVE-2023-2675
was published
Nov 13, 2023
Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily...
Critical
Unreviewed
CVE-2023-5754
was published
Oct 26, 2023
The cookie session ID is of insufficient length and can be exploited by
brute force, which may...
Critical
Unreviewed
CVE-2023-42769
was published
Oct 26, 2023
DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to...
Critical
Unreviewed
CVE-2023-27152
was published
Oct 23, 2023
OpenCart v4.0.2.2 is vulnerable to Brute Force Attack.
Critical
Unreviewed
CVE-2023-40834
was published
Sep 12, 2023
There is no limit on the number of login attempts in the web server for the SNAP PAC S1 Firmware...
Critical
Unreviewed
CVE-2023-40706
was published
Aug 24, 2023
Microsoft Exchange Server Elevation of Privilege Vulnerability
Critical
Unreviewed
CVE-2023-21709
was published
Aug 8, 2023
ProTip!
Advisories are also available from the
GraphQL API