Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

317 advisories

Loading
Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows... Critical Unreviewed
CVE-2023-27172 was published Dec 20, 2023
EuroTel ETL3100 versions v01c01 and v01x37 does not limit the number of attempts to guess... Critical Unreviewed
CVE-2023-6928 was published Dec 20, 2023
The Theme My Login 2FA WordPress plugin before 1.2 does not rate limit 2FA validation attempts,... Critical Unreviewed
CVE-2023-6272 was published Dec 18, 2023
By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI... High Unreviewed
CVE-2023-50444 was published Dec 13, 2023
A vulnerability was found in Thecosy IceCMS 2.0.1. It has been classified as problematic.... Moderate Unreviewed
CVE-2023-6756 was published Dec 13, 2023
DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and... Critical Unreviewed
CVE-2023-49443 was published Dec 8, 2023
Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web... Critical Unreviewed
CVE-2023-35039 was published Dec 7, 2023
A client side rate limit issue discovered in Connectize AC21000 G6 641.139.1.1256 allows... Critical Unreviewed
CVE-2023-24051 was published Dec 5, 2023
kodbox 1.46.01 has a security flaw that enables user enumeration. This problem is present on the... Critical Unreviewed
CVE-2023-48028 was published Nov 18, 2023
LibreNMS vulnerable to rate limiting bypass on login page Moderate
CVE-2023-46745 was published for librenms/librenms (Composer) Nov 17, 2023
rook1337
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiMail... Moderate Unreviewed
CVE-2023-45582 was published Nov 14, 2023
The unauthenticated attacker in NetWeaver AS Java Logon application - version 7.50, can brute... Moderate Unreviewed
CVE-2023-42480 was published Nov 14, 2023
Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake... Critical Unreviewed
CVE-2023-2675 was published Nov 13, 2023
Improper Restriction of Excessive Authentication Attempts vulnerability in Samsung Smart TV... Low Unreviewed
CVE-2023-41270 was published Nov 8, 2023
Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric... Moderate Unreviewed
CVE-2023-4625 was published Nov 6, 2023
Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple... High Unreviewed
CVE-2023-41350 was published Nov 3, 2023
A lack of rate limiting in Elenos ETG150 FM transmitter v3.12 allows attackers to obtain user... High Unreviewed
CVE-2023-37832 was published Oct 31, 2023
generator-jhipster allows a timing attack against validateToken due to a string comparison that stops at the first character High
CVE-2015-20110 was published for generator-jhipster (npm) Oct 31, 2023
Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily... Critical Unreviewed
CVE-2023-5754 was published Oct 26, 2023
The cookie session ID is of insufficient length and can be exploited by brute force, which may... Critical Unreviewed
CVE-2023-42769 was published Oct 26, 2023
UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks... Unknown Unreviewed
CVE-2023-37635 was published Oct 23, 2023
DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to... Critical Unreviewed
CVE-2023-27152 was published Oct 23, 2023
The TETRA TEA1 keystream generator implements a key register initialization function that... High Unreviewed
CVE-2022-24402 was published Oct 19, 2023
Vulnerability of brute-force attacks on the device authentication module.Successful exploitation... High Unreviewed
CVE-2023-44096 was published Oct 11, 2023
Vulnerability of brute-force attacks on the device authentication module.Successful exploitation... High Unreviewed
CVE-2023-44111 was published Oct 11, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database