GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
279 advisories
Filter by severity
InvoicePlane 1.5.11 doesn't have any rate-limiting for password reset and the reset token is...
Moderate
Unreviewed
CVE-2021-29023
was published
May 24, 2022
Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to...
Critical
Unreviewed
CVE-2021-43958
was published
Mar 17, 2022
Confd log files contain local users', including root’s, SHA512crypt password hashes with...
High
Unreviewed
CVE-2022-0652
was published
Mar 23, 2022
Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contain an improper restriction of excessive...
Critical
Unreviewed
CVE-2022-22561
was published
Apr 13, 2022
There is no limit to the number of attempts to authenticate for the local configuration pages for...
Moderate
Unreviewed
CVE-2022-26519
was published
Apr 21, 2022
A specially crafted script could bypass the authentication of a maintenance port of Emerson...
Moderate
Unreviewed
CVE-2018-19021
was published
May 13, 2022
An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is...
High
Unreviewed
CVE-2021-27935
was published
May 24, 2022
A vulnerability classified as critical was found in Telecommunication Software SAMwin Contact...
Critical
Unreviewed
CVE-2013-10004
was published
May 25, 2022
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that...
Critical
Unreviewed
CVE-2022-30235
was published
Jun 3, 2022
Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict...
Critical
Unreviewed
CVE-2022-29084
was published
Jun 3, 2022
While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being...
Moderate
Unreviewed
CVE-2022-22496
was published
Jul 1, 2022
An issue in TopIDP3000 Topsec Operating System tos_3.3.005.665b.15_smpidp allows attackers to...
Critical
Unreviewed
CVE-2022-31273
was published
Jun 15, 2022
IBM Security Verify Identity Manager 10.0 uses an inadequate account lockout setting that could...
High
Unreviewed
CVE-2022-22452
was published
Jul 15, 2022
An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. It mishandles access control....
Moderate
Unreviewed
CVE-2022-24689
was published
Jul 19, 2022
Dell EMC PowerStore, contain(s) an Improper Restriction of Excessive Authentication Attempts...
Critical
Unreviewed
CVE-2022-31234
was published
Jul 22, 2022
An attacker can decrypt the Ovarro TBox login password by communication capture and brute force...
Critical
Unreviewed
CVE-2021-22640
was published
Jul 29, 2022
An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Part of the application...
High
Unreviewed
CVE-2022-38491
was published
Jan 10, 2023
Planet eStream before 6.72.10.07 allows a low-privileged user to gain access to administrative...
High
Unreviewed
CVE-2022-45893
was published
Dec 25, 2022
Improper Restriction of Excessive Authentication Attempts in GitHub repository mastodon/mastodon...
Critical
Unreviewed
CVE-2022-2166
was published
Nov 16, 2022
Improper Restriction of Excessive Authentication Attempts in GitHub repository kareadita/kavita...
Moderate
Unreviewed
CVE-2022-3945
was published
Nov 11, 2022
The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated...
Moderate
Unreviewed
CVE-2014-2875
was published
May 17, 2022
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 ...
High
Unreviewed
CVE-2022-24044
was published
May 21, 2022
A flaw was found in Red Hat Process Automation Manager 7 where an attacker can benefit from a...
Critical
Unreviewed
CVE-2022-2457
was published
Aug 11, 2022
An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12...
Moderate
Unreviewed
CVE-2019-15577
was published
May 24, 2022
Weak password derivation for export in Devolutions Remote Desktop Manager before 2022.1 allows...
High
Unreviewed
CVE-2022-26964
was published
Dec 26, 2022
ProTip!
Advisories are also available from the
GraphQL API