GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,703
NuGet
661
pip
3,328
Pub
11
RubyGems
884
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+
314 advisories
Filter by severity
Weak password derivation for export in Devolutions Remote Desktop Manager before 2022.1 allows...
High
Unreviewed
CVE-2022-26964
was published
Dec 26, 2022
An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet...
Low
Unreviewed
CVE-2020-11582
was published
May 24, 2022
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over...
Moderate
Unreviewed
CVE-2019-13394
was published
May 24, 2022
A vulnerability, which was classified as problematic, has been found in WBCE CMS. Affected by...
High
Unreviewed
CVE-2022-4006
was published
Nov 16, 2022
An issue was discovered in Gradle Enterprise 2018.5. There is a lack of lock-out after excessive...
Critical
Unreviewed
CVE-2020-15770
was published
May 24, 2022
OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication mechanism within the system...
Moderate
Unreviewed
CVE-2020-14494
was published
May 24, 2022
A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS...
High
Unreviewed
CVE-2020-15786
was published
May 24, 2022
WiJungle NGFW Version U250 was discovered to be vulnerable to No Rate Limit attack, allowing the...
Critical
Unreviewed
CVE-2022-33106
was published
Oct 12, 2022
tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid...
Critical
Unreviewed
CVE-2020-15906
was published
May 24, 2022
A ZTE product is impacted by the improper access control vulnerability. Due to lack of an...
Critical
Unreviewed
CVE-2020-6875
was published
May 24, 2022
An issue was discovered in BigBlueButton through 2.2.29. A brute-force attack may occur because...
Moderate
Unreviewed
CVE-2020-29042
was published
May 24, 2022
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH...
Critical
Unreviewed
CVE-2020-25196
was published
May 24, 2022
A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist...
Moderate
Unreviewed
CVE-2020-5141
was published
May 24, 2022
In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575).
Moderate
Unreviewed
CVE-2020-29136
was published
May 24, 2022
An issue was discovered in Bitrix24 Bitrix Framework (1c site management) 20.0. An "User...
Moderate
Unreviewed
CVE-2020-28206
was published
May 24, 2022
WiseConnect - ScreenConnect Session Code Bypass. An attacker would have to use a proxy to monitor...
Moderate
Unreviewed
CVE-2022-36781
was published
Sep 29, 2022
Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a bruteforce vulnerability. A remote...
Critical
Unreviewed
CVE-2022-31228
was published
Oct 13, 2022
In Solstice Pod before 3.3.0 (or Open4.3), the screen key can be enumerated using brute-force...
High
Unreviewed
CVE-2020-35585
was published
May 24, 2022
Anuko Time Tracker v1.19.23.5311 lacks rate limit on the password reset module which allows...
High
Unreviewed
CVE-2020-27423
was published
May 24, 2022
In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement...
High
Unreviewed
CVE-2021-3138
was published
May 24, 2022
Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an...
Moderate
Unreviewed
CVE-2021-20635
was published
May 24, 2022
The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 allows attackers to cause a...
High
Unreviewed
CVE-2021-27188
was published
May 24, 2022
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The login...
Critical
Unreviewed
CVE-2020-35565
was published
May 24, 2022
LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress...
Critical
Unreviewed
CVE-2020-35590
was published
May 24, 2022
An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly...
Moderate
Unreviewed
CVE-2021-29648
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API