GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
87 advisories

IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting...
High | Unreviewed | CVE-2021-38890 was published Nov 24, 2021

ENC DataVault 7.1.1W and VaultAPI v67, which is currently being used in various other...
High | Unreviewed | CVE-2021-36750 was published Dec 23, 2021

A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that...
High | Unreviewed | CVE-2021-22818 was published Jan 29, 2022

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS...
High | Unreviewed | CVE-2021-40360 was published Feb 10, 2022

Confd log files contain local users', including root’s, SHA512crypt password hashes with...
High | Unreviewed | CVE-2022-0652 was published Mar 23, 2022

VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly...
High | Unreviewed | CVE-1999-1324 was published Apr 30, 2022

Lightwave ConsoleServer 3200 does not disconnect users after unsuccessful login attempts, which...
High | Unreviewed | CVE-2001-0395 was published Apr 30, 2022

The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect...
High | Unreviewed | CVE-2001-1291 was published Apr 30, 2022

Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect users from the service when...
High | Unreviewed | CVE-2001-1339 was published Apr 30, 2022

Cryptocat before 2.0.42 has Group Chat ECC Private Key Generation Brute Force Weakness
High | Unreviewed | CVE-2013-2257 was published May 5, 2022

If REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks. The...
High | Unreviewed | CVE-2019-0039 was published May 13, 2022

A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could...
High | Unreviewed | CVE-2017-12316 was published May 13, 2022

htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through...
High | Unreviewed | CVE-2017-14423 was published May 13, 2022

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 ...
High | Unreviewed | CVE-2022-24044 was published May 21, 2022

IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to user enumeration,...
High | Unreviewed | CVE-2019-4068 was published May 24, 2022

The Telenav Scout GPS Link app 1.x for iOS, as used with Toyota and Lexus vehicles, has an...
High | Unreviewed | CVE-2019-14951 was published May 24, 2022

IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inadequate account lockout...
High | Unreviewed | CVE-2019-4310 was published May 24, 2022

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of...
High | Unreviewed | CVE-2019-3746 was published May 24, 2022

IBM Security Directory Server 6.4.0 uses an inadequate account lockout setting that could allow a...
High | Unreviewed | CVE-2019-4520 was published May 24, 2022

Royal TS before 5 has a 0.0.0.0 listener, which makes it easier for attackers to bypass tunnel...
High | Unreviewed | CVE-2020-13872 was published May 24, 2022

A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS...
High | Unreviewed | CVE-2020-15786 was published May 24, 2022

Anuko Time Tracker v1.19.23.5311 lacks rate limit on the password reset module which allows...
High | Unreviewed | CVE-2020-27423 was published May 24, 2022

In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password can be enumerated using...
High | Unreviewed | CVE-2020-35586 was published May 24, 2022

In Solstice Pod before 3.3.0 (or Open4.3), the screen key can be enumerated using brute-force...
High | Unreviewed | CVE-2020-35585 was published May 24, 2022

In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement...
High | Unreviewed | CVE-2021-3138 was published May 24, 2022