GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 74
GitHub Actions: 54
Go: 4,115
Maven: 5,000+
npm: 5,000+
NuGet: 994
pip: 5,000+
Pub: 13
RubyGems: 1,095
Rust: 1,417
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+

522 advisories

Capgo before 12.128.2 contains a credential validation vulnerability in the POST /functions/v1...
Moderate | Unreviewed | CVE-2026-56234 was published Jun 23, 2026

AIL did not restrict repeated failed attempts to verify a two-factor authentication (OTP) code....
Moderate | Unreviewed | CVE-2026-56450 was published Jun 22, 2026

Craft Commerce: Coupon Code Brute-Force via Rate Limit Bypass
Moderate | CVE-2026-55795 was published for craftcms/commerce (Composer) Jun 19, 2026

Improper restriction of excessive authentication attempts vulnerability in Başbelen Group Food...
Critical | Unreviewed | CVE-2026-6853 was published Jun 12, 2026

A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user...
High | Unreviewed | CVE-2026-3329 was published Jun 11, 2026

Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta...
Critical | Unreviewed | CVE-2025-1740 was published Jun 6, 2026

Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft QR Menu...
High | Unreviewed | CVE-2025-2412 was published Jun 6, 2026

Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft OctoCloud...
High | Unreviewed | CVE-2025-2414 was published Jun 6, 2026

Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta...
High | Unreviewed | CVE-2025-2415 was published Jun 6, 2026

NocoDB: User Enumeration via Sign-In Timing
Low | CVE-2026-47380 was published for nocodb (npm) Jun 5, 2026

Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows unauthenticated brute...
High | Unreviewed | CVE-2026-36607 was published Jun 3, 2026

Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 enables WPS 2.0 by default with a weak...
Moderate | Unreviewed | CVE-2026-36612 was published Jun 3, 2026

A vulnerability was detected in unitedbyai droidclaw up to 0.5.3. The affected element is an...
Low | Unreviewed | CVE-2026-10216 was published Jun 1, 2026

Authelia Missing Username Canonicalization in Basic Auth (LDAP)
Low | CVE-2026-47203 was published for github.com/authelia/authelia/v4 (Go) May 29, 2026

Uncontrolled resource consumption in the Wireless Control Module (WCM) of the Indian Motorcycle...
Moderate | Unreviewed | CVE-2026-49324 was published May 29, 2026

The Login with OTP plugin for WordPress is vulnerable to authentication bypass in all versions up...
Critical | Unreviewed | CVE-2026-8760 was published May 27, 2026

Yamcs has No Rate Limiting on Authentication Endpoint
Moderate | CVE-2026-44596 was published for org.yamcs:yamcs-core (Maven) May 27, 2026

Improper restriction of excessive authentication attempts vulnerability in Turkiye Electricity...
Moderate | Unreviewed | CVE-2026-1816 was published May 21, 2026

phpMyFAQ: Missing Password Reset Token Allows Account Takeover via Username/Email Enumeration
High | CVE-2026-35675 was published for phpmyfaq/phpmyfaq (Composer) May 20, 2026

In BYD Atto3, an attacker can obtain an authentication key through Brute Force attack, which is...
High | Unreviewed | CVE-2025-61081 was published May 19, 2026

iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that...
Critical | Unreviewed | CVE-2020-37228 was published May 16, 2026

Duplicate Advisory: phpMyFAQ enables unauthenticated 2FA brute-force attack via /admin/check acceptance of arbitrary user-id
Critical | GHSA-6626-79jh-5ccr was published for phpmyfaq/phpmyfaq (Composer) May 15, 2026 • withdrawn

Better Auth: Rate limiter keys IPv6 addresses individually and is bypassable via prefix rotation
High | CVE-2026-45364 was published for better-auth (npm) May 15, 2026

HCL AION is affected by a vulnerability where adequate protections against brute-force attempts...
Moderate | Unreviewed | CVE-2025-62313 was published May 14, 2026

Strapi has a rate limit bypass on users-permissions plugin via attacker-controlled email keying
Moderate | CVE-2025-64526 was published for @strapi/plugin-users-permissions (npm) May 13, 2026