GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
319 advisories
Improper Restriction of Excessive Authentication Attempts vulnerability in CodePeople Appointment...
Moderate
Unreviewed
CVE-2024-32720
was published
May 17, 2024
eZ Platform Admin UI Password reset vulnerability
High
GHSA-hfpp-2vhw-qq43
was published
for
ezsystems/ezplatform-user
(Composer)
May 15, 2024
eZ Platform Password reset vulnerability
High
GHSA-cg84-55jx-4237
was published
for
ezsystems/ezplatform-admin-ui
(Composer)
May 15, 2024
KioWare for Windows (versions all through 8.35) allows to brute force the PIN number, which...
Moderate
Unreviewed
CVE-2024-3461
was published
May 14, 2024
ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass
High
CVE-2024-32868
was published
for
github.com/zitadel/zitadel
(Go)
Apr 25, 2024
Improper Restriction of Excessive Authentication Attempts vulnerability in LoginPress LoginPress...
Moderate
Unreviewed
CVE-2024-32676
was published
Apr 25, 2024
Improper restriction of excessive authentication attempts on some authentication methods in...
Moderate
Unreviewed
CVE-2024-28825
was published
Apr 24, 2024
An Improper Restriction of Excessive Authentication Attempts vulnerability in Juniper Networks...
Moderate
Unreviewed
CVE-2024-30390
was published
Apr 12, 2024
A vulnerability, which was classified as problematic, has been found in codelyfe Stupid Simple...
Low
Unreviewed
CVE-2024-3202
was published
Apr 3, 2024
Bypassing Rate Limit and Brute Force Protection Using Cache Overflow
Moderate
CVE-2024-21662
was published
for
github.com/argoproj/argo-cd/v2
(Go)
Mar 18, 2024
CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that...
Critical
Unreviewed
CVE-2024-2051
was published
Mar 18, 2024
Bypassing Brute Force Protection via Application Crash and In-Memory Data Loss
Moderate
CVE-2024-21652
was published
for
github.com/argoproj/argo-cd/v2
(Go)
Mar 18, 2024
CasaOS Improper Restriction of Excessive Authentication Attempts vulnerability
High
CVE-2024-24767
was published
for
github.com/IceWhaleTech/CasaOS-UserService
(Go)
Mar 6, 2024
An unauthenticated remote attacker can bypass the brute force prevention mechanism and disturb...
High
Unreviewed
CVE-2024-1104
was published
Feb 22, 2024
Improper Restriction of Excessive Authentication Attempts in github.com/greenpau/caddy-security
Moderate
CVE-2024-21500
was published
for
github.com/greenpau/caddy-security
(Go)
Feb 17, 2024
Dell RecoverPoint for Virtual Machines 5.3.x contains a brute force/dictionary attack...
Moderate
Unreviewed
CVE-2024-22425
was published
Feb 16, 2024
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting...
High
Unreviewed
CVE-2023-45191
was published
Feb 9, 2024
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection,...
Moderate
Unreviewed
CVE-2023-45190
was published
Feb 9, 2024
IBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 uses an inadequate account lockout setting...
High
Unreviewed
CVE-2023-38273
was published
Feb 2, 2024
IBM PowerSC 1.3, 2.0, and 2.1 uses an inadequate account lockout setting that could allow a...
High
Unreviewed
CVE-2023-50326
was published
Feb 2, 2024
SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessive authentication attempts,...
Critical
Unreviewed
CVE-2023-33759
was published
Jan 25, 2024
The Omron FINS protocol has an authenticated feature to prevent access to memory regions....
High
Unreviewed
CVE-2022-45790
was published
Jan 22, 2024
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow...
Critical
Unreviewed
CVE-2024-22317
was published
Jan 18, 2024
Devise-Two-Factor vulnerable to brute force attacks
Moderate
CVE-2024-0227
was published
for
devise-two-factor
(RubyGems)
Jan 12, 2024
•
withdrawn
The number of attempts to bring the Hozard Alarm system (alarmsystemen) v1.0 to a disarmed state...
High
Unreviewed
CVE-2023-50123
was published
Jan 11, 2024