Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

319 advisories

Loading
In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement... High Unreviewed
CVE-2021-3138 was published May 24, 2022
A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings... Moderate Unreviewed
CVE-2021-1311 was published May 24, 2022
In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password can be enumerated using... High Unreviewed
CVE-2020-35586 was published May 24, 2022
In Solstice Pod before 3.3.0 (or Open4.3), the screen key can be enumerated using brute-force... High Unreviewed
CVE-2020-35585 was published May 24, 2022
LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress... Critical Unreviewed
CVE-2020-35590 was published May 24, 2022
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH... Critical Unreviewed
CVE-2020-25196 was published May 24, 2022
An issue was discovered in Bitrix24 Bitrix Framework (1c site management) 20.0. An "User... Moderate Unreviewed
CVE-2020-28206 was published May 24, 2022
In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575). Moderate Unreviewed
CVE-2020-29136 was published May 24, 2022
An issue was discovered in BigBlueButton through 2.2.29. A brute-force attack may occur because... Moderate Unreviewed
CVE-2020-29042 was published May 24, 2022
Anuko Time Tracker v1.19.23.5311 lacks rate limit on the password reset module which allows... High Unreviewed
CVE-2020-27423 was published May 24, 2022
tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid... Critical Unreviewed
CVE-2020-15906 was published May 24, 2022
A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist... Moderate Unreviewed
CVE-2020-5141 was published May 24, 2022
A ZTE product is impacted by the improper access control vulnerability. Due to lack of an... Critical Unreviewed
CVE-2020-6875 was published May 24, 2022
OATHAuth extension in MediaWiki is not implementing rate limit High
CVE-2020-25827 was published for mediawiki/core (Composer) May 24, 2022
An issue was discovered in Gradle Enterprise 2018.5. There is a lack of lock-out after excessive... Critical Unreviewed
CVE-2020-15770 was published May 24, 2022
A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS... High Unreviewed
CVE-2020-15786 was published May 24, 2022
OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication mechanism within the system... Moderate Unreviewed
CVE-2020-14494 was published May 24, 2022
Royal TS before 5 has a 0.0.0.0 listener, which makes it easier for attackers to bypass tunnel... High Unreviewed
CVE-2020-13872 was published May 24, 2022
An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet... Low Unreviewed
CVE-2020-11582 was published May 24, 2022
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over... Moderate Unreviewed
CVE-2019-13394 was published May 24, 2022
Dolibarr Improper Restriction of Excessive Authentication Attempts Critical
CVE-2020-7995 was published for dolibarr/dolibarr (Composer) May 24, 2022
An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12... Moderate Unreviewed
CVE-2019-15577 was published May 24, 2022
Pimcore 2FA Vulnerable to Brute Forcing Critical
CVE-2019-18985 was published for pimcore/pimcore (Composer) May 24, 2022
Pimcore Discloses Usernames In Use High
CVE-2019-18986 was published for pimcore/pimcore (Composer) May 24, 2022
AutoPi Wi-Fi/NB and 4G/LTE devices before 2019-10-15 allows an attacker to perform a brute-force... Critical Unreviewed
CVE-2019-12941 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database