Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

18 advisories

Loading
ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass High
CVE-2024-32868 was published for github.com/zitadel/zitadel (Go) Apr 25, 2024
livio-a Skelmis
itz-d0dgy amit-laish muhlemmer peintnermax
Improper Restriction of Excessive Authentication Attempts in py-bcrypt High
CVE-2013-1895 was published for py-bcrypt (pip) Oct 12, 2021
Improper Restriction of Excessive Authentication Attempts in Argo API High
CVE-2020-8827 was published for github.com/argoproj/argo-cd (Go) Jul 26, 2021
OATHAuth extension in MediaWiki is not implementing rate limit High
CVE-2020-25827 was published for mediawiki/core (Composer) May 24, 2022
eZ Platform Admin UI Password reset vulnerability High
GHSA-hfpp-2vhw-qq43 was published for ezsystems/ezplatform-user (Composer) May 15, 2024
eZ Platform Password reset vulnerability High
GHSA-cg84-55jx-4237 was published for ezsystems/ezplatform-admin-ui (Composer) May 15, 2024
OpenStack Keystone allows information disclosure during account locking High
CVE-2021-38155 was published for keystone (pip) May 24, 2022
SaltStack RSA Key Generation allows remote users to decrypt communications High
CVE-2013-2228 was published for salt (pip) May 5, 2022
CasaOS Improper Restriction of Excessive Authentication Attempts vulnerability High
CVE-2024-24767 was published for github.com/IceWhaleTech/CasaOS-UserService (Go) Mar 6, 2024
DrDark1999
WWBN AVideo Improper Restriction of Excessive Authentication Attempts vulnerability High
CVE-2023-49810 was published for wwbn/avideo (Composer) Jan 10, 2024
Keycloak Improper Bruteforce Detection High
CVE-2018-14657 was published for org.keycloak:keycloak-parent (Maven) May 13, 2022
Pimcore Discloses Usernames In Use High
CVE-2019-18986 was published for pimcore/pimcore (Composer) May 24, 2022
Improper Restriction of Excessive Authentication Attempts in Sorcery High
CVE-2020-11052 was published for sorcery (RubyGems) May 7, 2020
futuretap
Flask-AppBuilder Has No Rate Limiting on Login AUTH DB High
CVE-2023-29005 was published for Flask-AppBuilder (pip) Apr 10, 2023
XWiki Platform packages Expose Sensitive Information to an Unauthorized Actor High
CVE-2023-26476 was published for org.xwiki.platform:xwiki-platform-livetable-ui (Maven) Mar 3, 2023
No protection against brute-force attacks on login page High
CVE-2023-25156 was published for kiwitcms (pip) Feb 15, 2023
Improper Restriction of Excessive Authentication Attempts in modoboa High
CVE-2023-0860 was published for modoboa (pip) Feb 16, 2023
ProTip! Advisories are also available from the GraphQL API