GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 74
GitHub Actions: 54
Go: 4,115
Maven: 5,000+
npm: 5,000+
NuGet: 994
pip: 5,000+
Pub: 13
RubyGems: 1,095
Rust: 1,417
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+
146 advisories
Improper restriction of excessive authentication attempts vulnerability in Başbelen Group Food...
Critical • Unreviewed • CVE-2026-6853 was published Jun 12, 2026

Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta...
Critical • Unreviewed • CVE-2025-1740 was published Jun 6, 2026

The Login with OTP plugin for WordPress is vulnerable to authentication bypass in all versions up...
Critical • Unreviewed • CVE-2026-8760 was published May 27, 2026

iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that...
Critical • Unreviewed • CVE-2020-37228 was published May 16, 2026

Duplicate Advisory: phpMyFAQ enables unauthenticated 2FA brute-force attack via /admin/check acceptance of arbitrary user-id
Critical • GHSA-6626-79jh-5ccr was published for phpmyfaq/phpmyfaq (Composer) May 15, 2026 • withdrawn

phpMyFAQ enables unauthenticated 2FA brute-force attack via /admin/check acceptance of arbitrary user-id
Critical • CVE-2026-45010 was published for phpmyfaq/phpmyfaq (Composer) May 6, 2026

MinIO LDAP login brute-force via user enumeration and missing rate limit
Critical • CVE-2026-33419 was published for github.com/minio/minio (Go) Mar 20, 2026

JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess...
Critical • Unreviewed • CVE-2026-32295 was published Mar 17, 2026

The GL-iNet Comet (GL-RM1) KVM web interface does not limit login requests, enabling brute-force...
Critical • Unreviewed • CVE-2026-32292 was published Mar 17, 2026

Incorrect Access Control via missing 2FA rate-limiting allowing unlimited brute-force retries and...
Critical • Unreviewed • CVE-2025-69615 was published Mar 10, 2026

Improper Restriction of Excessive Authentication Attempts, Use of Password Hash With Insufficient...
Critical • Unreviewed • CVE-2026-30790 was published Mar 5, 2026

Authentication Bypass by Capture-replay, Use of Password Hash With Insufficient Computational...
Critical • Unreviewed • CVE-2026-30789 was published Mar 5, 2026

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) do not enforce...
Critical • Unreviewed • CVE-2026-24436 was published Jan 26, 2026

Improper Restriction of Excessive Authentication Attempts, Weak Password Recovery Mechanism for...
Critical • Unreviewed • CVE-2025-4319 was published Jan 23, 2026

Improper Restriction of Excessive Authentication Attempts vulnerability in Restajet Information...
Critical • Unreviewed • CVE-2025-1928 was published Dec 19, 2025

EPSON WebConfig and Epson Web Control for SEIKO EPSON Projector Products do not restrict...
Critical • Unreviewed • CVE-2025-64310 was published Nov 21, 2025

Nagios Fusion versions prior to 2024R2.1 contain a brute-force bypass in the Two-Factor...
Critical • Unreviewed • CVE-2025-34249 was published Oct 31, 2025

A lack of rate limiting in the login mechanism of SigningHub v8.6.8 allows attackers to bypass...
Critical • Unreviewed • CVE-2025-56221 was published Oct 17, 2025

The affected product does not limit the number of attempts for inputting the correct PIN for a...
Critical • Unreviewed • CVE-2025-46414 was published Aug 8, 2025

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Mail Login...
Critical • Unreviewed • CVE-2025-7393 was published Jul 21, 2025

Improper Restriction of Excessive Authentication Attempts vulnerability in Art-in Bilişim...
Critical • Unreviewed • CVE-2025-4383 was published Jun 26, 2025

RAGFlow through 0.18.1 allows account takeover because it is possible to conduct successful brute...
Critical • Unreviewed • CVE-2025-48187 was published May 17, 2025

Agentflow from Flowring Technology has an Account Lockout Bypass vulnerability, allowing...
Critical • Unreviewed • CVE-2025-3709 was published May 2, 2025

A lack of rate limiting in the login page of Safe App version a3.0.9 allows attackers to bypass...
Critical • Unreviewed • CVE-2025-25595 was published Mar 18, 2025

Easy!Appointments Improper Restriction of Excessive Authentication Attempts
Critical • CVE-2024-57602 was published for alextselegidis/easyappointments (Composer) Feb 13, 2025

ProTip! Advisories are also available from the GraphQL API