Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

317 advisories

Loading
eZ Platform Password reset vulnerability High
GHSA-cg84-55jx-4237 was published for ezsystems/ezplatform-admin-ui (Composer) May 15, 2024
KioWare for Windows (versions all through 8.35) allows to brute force the PIN number, which... Moderate Unreviewed
CVE-2024-3461 was published May 14, 2024
ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass High
CVE-2024-32868 was published for github.com/zitadel/zitadel (Go) Apr 25, 2024
livio-a Skelmis
itz-d0dgy amit-laish muhlemmer peintnermax
Improper Restriction of Excessive Authentication Attempts vulnerability in LoginPress LoginPress... Moderate Unreviewed
CVE-2024-32676 was published Apr 25, 2024
Improper restriction of excessive authentication attempts on some authentication methods in... Moderate Unreviewed
CVE-2024-28825 was published Apr 24, 2024
An Improper Restriction of Excessive Authentication Attempts vulnerability in Juniper Networks... Moderate Unreviewed
CVE-2024-30390 was published Apr 12, 2024
A vulnerability, which was classified as problematic, has been found in codelyfe Stupid Simple... Low Unreviewed
CVE-2024-3202 was published Apr 3, 2024
Bypassing Rate Limit and Brute Force Protection Using Cache Overflow Moderate
CVE-2024-21662 was published for github.com/argoproj/argo-cd/v2 (Go) Mar 18, 2024
nadava669 pasha-codefresh
crenshaw-dev todaywasawesome jannfis
CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that... Critical Unreviewed
CVE-2024-2051 was published Mar 18, 2024
Bypassing Brute Force Protection via Application Crash and In-Memory Data Loss Moderate
CVE-2024-21652 was published for github.com/argoproj/argo-cd/v2 (Go) Mar 18, 2024
nadava669 pasha-codefresh
jannfis crenshaw-dev todaywasawesome
CasaOS Improper Restriction of Excessive Authentication Attempts vulnerability High
CVE-2024-24767 was published for github.com/IceWhaleTech/CasaOS-UserService (Go) Mar 6, 2024
DrDark1999
An unauthenticated remote attacker can bypass the brute force prevention mechanism and disturb... High Unreviewed
CVE-2024-1104 was published Feb 22, 2024
Improper Restriction of Excessive Authentication Attempts in github.com/greenpau/caddy-security Moderate
CVE-2024-21500 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
Dell RecoverPoint for Virtual Machines 5.3.x contains a brute force/dictionary attack... Moderate Unreviewed
CVE-2024-22425 was published Feb 16, 2024
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting... High Unreviewed
CVE-2023-45191 was published Feb 9, 2024
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection,... Moderate Unreviewed
CVE-2023-45190 was published Feb 9, 2024
IBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 uses an inadequate account lockout setting... High Unreviewed
CVE-2023-38273 was published Feb 2, 2024
IBM PowerSC 1.3, 2.0, and 2.1 uses an inadequate account lockout setting that could allow a... High Unreviewed
CVE-2023-50326 was published Feb 2, 2024
SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessive authentication attempts,... Critical Unreviewed
CVE-2023-33759 was published Jan 25, 2024
The Omron FINS protocol has an authenticated feature to prevent access to memory regions.... High Unreviewed
CVE-2022-45790 was published Jan 22, 2024
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow... Critical Unreviewed
CVE-2024-22317 was published Jan 18, 2024
Devise-Two-Factor vulnerable to brute force attacks Moderate
CVE-2024-0227 was published for devise-two-factor (RubyGems) Jan 12, 2024 withdrawn
bsedat
The number of attempts to bring the Hozard Alarm system (alarmsystemen) v1.0 to a disarmed state... High Unreviewed
CVE-2023-50123 was published Jan 11, 2024
WWBN AVideo Improper Restriction of Excessive Authentication Attempts vulnerability High
CVE-2023-49810 was published for wwbn/avideo (Composer) Jan 10, 2024
Lack of protection against brute force attacks in M-Files Server before 23.12.13205.0 allows an... High Unreviewed
CVE-2023-6912 was published Dec 20, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database