GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,002
Maven
5,000+
npm
3,713
NuGet
661
pip
3,384
Pub
11
RubyGems
885
Rust
850
Swift
36
Unreviewed advisories
All unreviewed
5,000+
13 advisories
Filter by severity
No Restriction of Excessive Authentication Attempts in Firefly III
Moderate
CVE-2021-3663
was published
for
grumpydictator/firefly-iii
(Composer)
Aug 9, 2021
Pimcore Discloses Usernames In Use
High
CVE-2019-18986
was published
for
pimcore/pimcore
(Composer)
May 24, 2022
Pimcore 2FA Vulnerable to Brute Forcing
Critical
CVE-2019-18985
was published
for
pimcore/pimcore
(Composer)
May 24, 2022
Dolibarr Improper Restriction of Excessive Authentication Attempts
Critical
CVE-2020-7995
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2022
OATHAuth extension in MediaWiki is not implementing rate limit
High
CVE-2020-25827
was published
for
mediawiki/core
(Composer)
May 24, 2022
Kirby CMS vulnerable to user enumeration in the code-based login and password reset forms
Moderate
CVE-2022-39314
was published
for
getkirby/cms
(Composer)
Oct 18, 2022
AzuraCast missing brute force prevention
Critical
CVE-2023-2531
was published
for
azuracast/azuracast
(Composer)
May 5, 2023
Froxlor vulnerable to Improper Restriction of Excessive Authentication Attempts
Critical
CVE-2023-3173
was published
for
froxlor/froxlor
(Composer)
Jun 9, 2023
LibreNMS vulnerable to rate limiting bypass on login page
Moderate
CVE-2023-46745
was published
for
librenms/librenms
(Composer)
Nov 17, 2023
WWBN AVideo Improper Restriction of Excessive Authentication Attempts vulnerability
High
CVE-2023-49810
was published
for
wwbn/avideo
(Composer)
Jan 10, 2024
eZ Platform Password reset vulnerability
High
GHSA-cg84-55jx-4237
was published
for
ezsystems/ezplatform-admin-ui
(Composer)
May 15, 2024
eZ Platform Admin UI Password reset vulnerability
High
GHSA-hfpp-2vhw-qq43
was published
for
ezsystems/ezplatform-user
(Composer)
May 15, 2024
Silverstripe Brute force bypass on default admin
Critical
GHSA-8v6m-7f5v-hhx6
was published
for
silverstripe/framework
(Composer)
May 23, 2024
ProTip!
Advisories are also available from the
GraphQL API