GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,704
Composer 4,237
Erlang 31
GitHub Actions 20
Go 2,000
Maven 5,183
npm 3,711
NuGet 661
pip 3,383
Pub 11
RubyGems 885
Rust 849
Swift 36

Unreviewed advisories

All unreviewed 235,477

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

277 advisories

Filter by severity

Sort by

Least recently updated

A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000,... Critical Unreviewed

CVE-2021-41435 was published Nov 20, 2021

IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting... High Unreviewed

CVE-2021-38890 was published Nov 24, 2021

Missing Rate Limiting in Web Applications operating on Business-DNA Solutions GmbHâ€™s TopEaseÂ®... Critical Unreviewed

CVE-2021-42544 was published Dec 1, 2021

Due to insufficient server-side login-attempt limit enforcement, a vulnerability in /account... Critical Unreviewed

CVE-2021-37934 was published Dec 11, 2021

ENC DataVault 7.1.1W and VaultAPI v67, which is currently being used in various other... High Unreviewed

CVE-2021-36750 was published Dec 23, 2021

An issue in the user login box of CSCMS v4.0 allows attackers to hijack user accounts via brute... Critical Unreviewed

CVE-2020-21238 was published Dec 29, 2021

An issue in the user login box of LJCMS v1.11 allows attackers to hijack user accounts via brute... Critical Unreviewed

CVE-2020-21237 was published Dec 29, 2021

Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873... Critical Unreviewed

CVE-2021-41807 was published Jan 19, 2022

Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication... Critical Unreviewed

CVE-2022-22553 was published Jan 22, 2022

The code that performs password matching when using 'Basic' HTTP authentication does not use a... Critical Unreviewed

CVE-2021-43298 was published Jan 26, 2022

A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that... High Unreviewed

CVE-2021-22818 was published Jan 29, 2022

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS... High Unreviewed

CVE-2021-40360 was published Feb 10, 2022

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that... Critical Unreviewed

CVE-2022-22810 was published Feb 11, 2022

A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3... Critical Unreviewed

CVE-2022-26314 was published Mar 9, 2022

A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows... Moderate Unreviewed

CVE-2022-25820 was published Mar 11, 2022

Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to... Critical Unreviewed

CVE-2021-43958 was published Mar 17, 2022

Confd log files contain local users', including rootâ€™s, SHA512crypt password hashes with... High Unreviewed

CVE-2022-0652 was published Mar 23, 2022

Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contain an improper restriction of excessive... Critical Unreviewed

CVE-2022-22561 was published Apr 13, 2022

There is no limit to the number of attempts to authenticate for the local configuration pages for... Moderate Unreviewed

CVE-2022-26519 was published Apr 21, 2022

Compaq/Microcom 6000 Access Integrator does not disconnect a client after a certain number of... Moderate Unreviewed

CVE-1999-1152 was published Apr 30, 2022

VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly... High Unreviewed

CVE-1999-1324 was published Apr 30, 2022

Lightwave ConsoleServer 3200 does not disconnect users after unsuccessful login attempts, which... High Unreviewed

CVE-2001-0395 was published Apr 30, 2022

The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect... High Unreviewed

CVE-2001-1291 was published Apr 30, 2022

Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect users from the service when... High Unreviewed

CVE-2001-1339 was published Apr 30, 2022

The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed... Moderate Unreviewed

CVE-2002-0628 was published Apr 30, 2022

Previous 1 2 3 4 5 … 11 12 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

277 advisories