Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,454
Erlang
33
GitHub Actions
22
Go
2,153
Maven
5,000+
npm
3,818
NuGet
693
pip
3,492
Pub
12
RubyGems
902
Rust
903
Swift
38
Unreviewed advisories
All unreviewed
5,000+

109 advisories

Loading
The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect... High Unreviewed
CVE-2001-1291 was published Apr 30, 2022
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting... High Unreviewed
CVE-2023-45191 was published Feb 9, 2024
Lightwave ConsoleServer 3200 does not disconnect users after unsuccessful login attempts, which... High Unreviewed
CVE-2001-0395 was published Apr 30, 2022
Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect users from the service when... High Unreviewed
CVE-2001-1339 was published Apr 30, 2022
IBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 uses an inadequate account lockout setting... High Unreviewed
CVE-2023-38273 was published Feb 2, 2024
IBM PowerSC 1.3, 2.0, and 2.1 uses an inadequate account lockout setting that could allow a... High Unreviewed
CVE-2023-50326 was published Feb 2, 2024
The number of attempts to bring the Hozard Alarm system (alarmsystemen) v1.0 to a disarmed state... High Unreviewed
CVE-2023-50123 was published Jan 11, 2024
The Omron FINS protocol has an authenticated feature to prevent access to memory regions.... High Unreviewed
CVE-2022-45790 was published Jan 22, 2024
WWBN AVideo Improper Restriction of Excessive Authentication Attempts vulnerability High
CVE-2023-49810 was published for wwbn/avideo (Composer) Jan 10, 2024
By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI... High Unreviewed
CVE-2023-50444 was published Dec 13, 2023
A lack of rate limiting in Elenos ETG150 FM transmitter v3.12 allows attackers to obtain user... High Unreviewed
CVE-2023-37832 was published Oct 31, 2023
generator-jhipster allows a timing attack against validateToken due to a string comparison that stops at the first character High
CVE-2015-20110 was published for generator-jhipster (npm) Oct 31, 2023
Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple... High Unreviewed
CVE-2023-41350 was published Nov 3, 2023
Keycloak Improper Bruteforce Detection High
CVE-2018-14657 was published for org.keycloak:keycloak-parent (Maven) May 13, 2022
Pimcore Discloses Usernames In Use High
CVE-2019-18986 was published for pimcore/pimcore (Composer) May 24, 2022
A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS... High Unreviewed
CVE-2021-40360 was published Feb 10, 2022
Improper Restriction of Excessive Authentication Attempts in Sorcery High
CVE-2020-11052 was published for sorcery (RubyGems) May 7, 2020
futuretap
SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an... High Unreviewed
CVE-2023-1101 was published Mar 3, 2023
XWiki Platform packages Expose Sensitive Information to an Unauthorized Actor High
CVE-2023-26476 was published for org.xwiki.platform:xwiki-platform-livetable-ui (Maven) Mar 3, 2023
No protection against brute-force attacks on login page High
CVE-2023-25156 was published for kiwitcms (pip) Feb 15, 2023
Improper Restriction of Excessive Authentication Attempts in modoboa High
CVE-2023-0860 was published for modoboa (pip) Feb 16, 2023
Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency. High Unreviewed
CVE-2023-22960 was published Jan 23, 2023
HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced.... High Unreviewed
CVE-2021-27782 was published Jan 20, 2023
A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that... High Unreviewed
CVE-2021-22818 was published Jan 29, 2022
ENC DataVault 7.1.1W and VaultAPI v67, which is currently being used in various other... High Unreviewed
CVE-2021-36750 was published Dec 23, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database