GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,041
Maven
5,000+
npm
3,733
NuGet
662
pip
3,414
Pub
12
RubyGems
891
Rust
866
Swift
36
Unreviewed advisories
All unreviewed
5,000+
40 advisories
Filter by severity
ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass
High
CVE-2024-32868
was published
for
github.com/zitadel/zitadel
(Go)
Apr 25, 2024
Improper Restriction of Excessive Authentication Attempts in py-bcrypt
High
CVE-2013-1895
was published
for
py-bcrypt
(pip)
Oct 12, 2021
Lin-CMS-Flask vulnerable to Improper Authentication
Critical
CVE-2020-18698
was published
for
Lin-CMS
(pip)
May 24, 2022
Keycloak Services has a potential bypass of brute force protection
Moderate
CVE-2024-4629
was published
for
org.keycloak:keycloak-services
(Maven)
Sep 17, 2024
Windmill HTTP Request users.rs excessive authentication in github.com/windmill-labs/windmill
Moderate
CVE-2024-8462
was published
for
github.com/windmill-labs/windmill
(Go)
Sep 5, 2024
Improper Restriction of Excessive Authentication Attempts in Argo API
High
CVE-2020-8827
was published
for
github.com/argoproj/argo-cd
(Go)
Jul 26, 2021
Silverstripe Brute force bypass on default admin
Critical
GHSA-8v6m-7f5v-hhx6
was published
for
silverstripe/framework
(Composer)
May 23, 2024
OATHAuth extension in MediaWiki is not implementing rate limit
High
CVE-2020-25827
was published
for
mediawiki/core
(Composer)
May 24, 2022
eZ Platform Admin UI Password reset vulnerability
High
GHSA-hfpp-2vhw-qq43
was published
for
ezsystems/ezplatform-user
(Composer)
May 15, 2024
eZ Platform Password reset vulnerability
High
GHSA-cg84-55jx-4237
was published
for
ezsystems/ezplatform-admin-ui
(Composer)
May 15, 2024
OpenStack Keystone allows information disclosure during account locking
High
CVE-2021-38155
was published
for
keystone
(pip)
May 24, 2022
SaltStack RSA Key Generation allows remote users to decrypt communications
High
CVE-2013-2228
was published
for
salt
(pip)
May 5, 2022
Dolibarr Improper Restriction of Excessive Authentication Attempts
Critical
CVE-2020-7995
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2022
CasaOS Improper Restriction of Excessive Authentication Attempts vulnerability
High
CVE-2024-24767
was published
for
github.com/IceWhaleTech/CasaOS-UserService
(Go)
Mar 6, 2024
Bypassing Brute Force Protection via Application Crash and In-Memory Data Loss
Moderate
CVE-2024-21652
was published
for
github.com/argoproj/argo-cd/v2
(Go)
Mar 18, 2024
Bypassing Rate Limit and Brute Force Protection Using Cache Overflow
Moderate
CVE-2024-21662
was published
for
github.com/argoproj/argo-cd/v2
(Go)
Mar 18, 2024
Devise-Two-Factor vulnerable to brute force attacks
Moderate
CVE-2024-0227
was published
for
devise-two-factor
(RubyGems)
Jan 12, 2024
•
withdrawn
Improper Restriction of Excessive Authentication Attempts in github.com/greenpau/caddy-security
Moderate
CVE-2024-21500
was published
for
github.com/greenpau/caddy-security
(Go)
Feb 17, 2024
WWBN AVideo Improper Restriction of Excessive Authentication Attempts vulnerability
High
CVE-2023-49810
was published
for
wwbn/avideo
(Composer)
Jan 10, 2024
LibreNMS vulnerable to rate limiting bypass on login page
Moderate
CVE-2023-46745
was published
for
librenms/librenms
(Composer)
Nov 17, 2023
generator-jhipster allows a timing attack against validateToken due to a string comparison that stops at the first character
High
CVE-2015-20110
was published
for
generator-jhipster
(npm)
Oct 31, 2023
AzuraCast missing brute force prevention
Critical
CVE-2023-2531
was published
for
azuracast/azuracast
(Composer)
May 5, 2023
Froxlor vulnerable to Improper Restriction of Excessive Authentication Attempts
Critical
CVE-2023-3173
was published
for
froxlor/froxlor
(Composer)
Jun 9, 2023
Keycloak Improper Bruteforce Detection
High
CVE-2018-14657
was published
for
org.keycloak:keycloak-parent
(Maven)
May 13, 2022
Pimcore Discloses Usernames In Use
High
CVE-2019-18986
was published
for
pimcore/pimcore
(Composer)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API