GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
109 advisories
The PlexTrac platform prior to API version 1.17.0 does not restrict excessive MFA TOTP submission...
High | Unreviewed | CVE-2022-37144 was published on Sep 9, 2022

The PlexTrac platform prior to version 1.17.0 does not restrict excessive authentication attempts...
High | Unreviewed | CVE-2022-37145 was published on Sep 9, 2022

IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inadequate account lockout...
High | Unreviewed | CVE-2019-4310 was published on May 24, 2022

If REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks. The...
High | Unreviewed | CVE-2019-0039 was published on May 13, 2022

IBM Security Directory Server 6.4.0 uses an inadequate account lockout setting that could allow a...
High | Unreviewed | CVE-2019-4520 was published on May 24, 2022

IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting...
High | Unreviewed | CVE-2021-38890 was published on Nov 24, 2021

A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could...
High | Unreviewed | CVE-2017-12316 was published on May 13, 2022

htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through...
High | Unreviewed | CVE-2017-14423 was published on May 13, 2022

IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to user enumeration,...
High | Unreviewed | CVE-2019-4068 was published on May 24, 2022

ENC DataVault 7.1.1W and VaultAPI v67, which is currently being used in various other...
High | Unreviewed | CVE-2021-36750 was published on Dec 23, 2021

A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that...
High | Unreviewed | CVE-2021-22818 was published on Jan 29, 2022

HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced....
High | Unreviewed | CVE-2021-27782 was published on Jan 20, 2023

Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency.
High | Unreviewed | CVE-2023-22960 was published on Jan 23, 2023

Improper Restriction of Excessive Authentication Attempts in modoboa
High | CVE-2023-0860 was published for modoboa (pip) on Feb 16, 2023

No protection against brute-force attacks on login page
High | CVE-2023-25156 was published for kiwitcms (pip) on Feb 15, 2023

XWiki Platform packages Expose Sensitive Information to an Unauthorized Actor
High | CVE-2023-26476 was published for org.xwiki.platform:xwiki-platform-livetable-ui (Maven) on Mar 3, 2023

SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an...
High | Unreviewed | CVE-2023-1101 was published on Mar 3, 2023

Improper Restriction of Excessive Authentication Attempts in Sorcery
High | CVE-2020-11052 was published for sorcery (RubyGems) on May 7, 2020

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS...
High | Unreviewed | CVE-2021-40360 was published on Feb 10, 2022

Pimcore Discloses Usernames In Use
High | CVE-2019-18986 was published for pimcore/pimcore (Composer) on May 24, 2022

Keycloak Improper Bruteforce Detection
High | CVE-2018-14657 was published for org.keycloak:keycloak-parent (Maven) on May 13, 2022

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple...
High | Unreviewed | CVE-2023-41350 was published on Nov 3, 2023

generator-jhipster allows a timing attack against validateToken due to a string comparison that stops at the first character
High | CVE-2015-20110 was published for generator-jhipster (npm) on Oct 31, 2023

A lack of rate limiting in Elenos ETG150 FM transmitter v3.12 allows attackers to obtain user...
High | Unreviewed | CVE-2023-37832 was published on Oct 31, 2023

By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI...
High | Unreviewed | CVE-2023-50444 was published on Dec 13, 2023