GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,249
Erlang
31
GitHub Actions
21
Go
2,018
Maven
5,000+
npm
3,723
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
857
Swift
36
Unreviewed advisories
All unreviewed
5,000+
319 advisories
Filter by severity
In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement...
High
Unreviewed
CVE-2021-3138
was published
May 24, 2022
A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings...
Moderate
Unreviewed
CVE-2021-1311
was published
May 24, 2022
In Solstice Pod before 3.3.0 (or Open4.3), the screen key can be enumerated using brute-force...
High
Unreviewed
CVE-2020-35585
was published
May 24, 2022
In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password can be enumerated using...
High
Unreviewed
CVE-2020-35586
was published
May 24, 2022
LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress...
Critical
Unreviewed
CVE-2020-35590
was published
May 24, 2022
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH...
Critical
Unreviewed
CVE-2020-25196
was published
May 24, 2022
An issue was discovered in Bitrix24 Bitrix Framework (1c site management) 20.0. An "User...
Moderate
Unreviewed
CVE-2020-28206
was published
May 24, 2022
In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575).
Moderate
Unreviewed
CVE-2020-29136
was published
May 24, 2022
An issue was discovered in BigBlueButton through 2.2.29. A brute-force attack may occur because...
Moderate
Unreviewed
CVE-2020-29042
was published
May 24, 2022
Anuko Time Tracker v1.19.23.5311 lacks rate limit on the password reset module which allows...
High
Unreviewed
CVE-2020-27423
was published
May 24, 2022
tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid...
Critical
Unreviewed
CVE-2020-15906
was published
May 24, 2022
A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist...
Moderate
Unreviewed
CVE-2020-5141
was published
May 24, 2022
A ZTE product is impacted by the improper access control vulnerability. Due to lack of an...
Critical
Unreviewed
CVE-2020-6875
was published
May 24, 2022
OATHAuth extension in MediaWiki is not implementing rate limit
High
CVE-2020-25827
was published
for
mediawiki/core
(Composer)
May 24, 2022
An issue was discovered in Gradle Enterprise 2018.5. There is a lack of lock-out after excessive...
Critical
Unreviewed
CVE-2020-15770
was published
May 24, 2022
A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS...
High
Unreviewed
CVE-2020-15786
was published
May 24, 2022
OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication mechanism within the system...
Moderate
Unreviewed
CVE-2020-14494
was published
May 24, 2022
Royal TS before 5 has a 0.0.0.0 listener, which makes it easier for attackers to bypass tunnel...
High
Unreviewed
CVE-2020-13872
was published
May 24, 2022
An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet...
Low
Unreviewed
CVE-2020-11582
was published
May 24, 2022
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over...
Moderate
Unreviewed
CVE-2019-13394
was published
May 24, 2022
Dolibarr Improper Restriction of Excessive Authentication Attempts
Critical
CVE-2020-7995
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2022
An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12...
Moderate
Unreviewed
CVE-2019-15577
was published
May 24, 2022
Pimcore Discloses Usernames In Use
High
CVE-2019-18986
was published
for
pimcore/pimcore
(Composer)
May 24, 2022
Pimcore 2FA Vulnerable to Brute Forcing
Critical
CVE-2019-18985
was published
for
pimcore/pimcore
(Composer)
May 24, 2022
AutoPi Wi-Fi/NB and 4G/LTE devices before 2019-10-15 allows an attacker to perform a brute-force...
Critical
Unreviewed
CVE-2019-12941
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API