GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
321 advisories
Confd log files contain local users', including root’s, SHA512crypt password hashes with...
CVE-2022-0652 (High, Unreviewed) was published Mar 23, 2022

Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to...
CVE-2021-43958 (Critical, Unreviewed) was published Mar 17, 2022

A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows...
CVE-2022-25820 (Moderate, Unreviewed) was published Mar 11, 2022

A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3...
CVE-2022-26314 (Critical, Unreviewed) was published Mar 9, 2022

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that...
CVE-2022-22810 (Critical, Unreviewed) was published Feb 11, 2022

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS...
CVE-2021-40360 (High, Unreviewed) was published Feb 10, 2022

A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that...
CVE-2021-22818 (High, Unreviewed) was published Jan 29, 2022

The code that performs password matching when using 'Basic' HTTP authentication does not use a...
CVE-2021-43298 (Critical, Unreviewed) was published Jan 26, 2022

Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication...
CVE-2022-22553 (Critical, Unreviewed) was published Jan 22, 2022

Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873...
CVE-2021-41807 (Critical, Unreviewed) was published Jan 19, 2022

An issue in the user login box of LJCMS v1.11 allows attackers to hijack user accounts via brute...
CVE-2020-21237 (Critical, Unreviewed) was published Dec 29, 2021

An issue in the user login box of CSCMS v4.0 allows attackers to hijack user accounts via brute...
CVE-2020-21238 (Critical, Unreviewed) was published Dec 29, 2021

ENC DataVault 7.1.1W and VaultAPI v67, which is currently being used in various other...
CVE-2021-36750 (High, Unreviewed) was published Dec 23, 2021

Due to insufficient server-side login-attempt limit enforcement, a vulnerability in /account...
CVE-2021-37934 (Critical, Unreviewed) was published Dec 11, 2021

Missing Rate Limiting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase®...
CVE-2021-42544 (Critical, Unreviewed) was published Dec 1, 2021

IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting...
CVE-2021-38890 (High, Unreviewed) was published Nov 24, 2021

A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000,...
CVE-2021-41435 (Critical, Unreviewed) was published Nov 20, 2021

Improper Restriction of Excessive Authentication Attempts in py-bcrypt
CVE-2013-1895 (High) was published for py-bcrypt (pip) Oct 12, 2021

No Restriction of Excessive Authentication Attempts in Firefly III
CVE-2021-3663 (Moderate) was published for grumpydictator/firefly-iii (Composer) Aug 9, 2021

Improper Restriction of Excessive Authentication Attempts in Argo API
CVE-2020-8827 (High) was published for github.com/argoproj/argo-cd (Go) Jul 26, 2021

Improper Restriction of Excessive Authentication Attempts in Sorcery
CVE-2020-11052 (High) was published for sorcery (RubyGems) May 7, 2020
ProTip! Advisories are also available from the GraphQL API.