GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
35 advisories
HCL Aftermarket DPC is affected by Spamming Vulnerability which can allow the actor to excessive...
Moderate | Unreviewed | CVE-2025-55268 was published Mar 26, 2026

IBM Aspera Console 3.3.0 through 3.4.8 could allow an authenticated user to cause a denial of...
Moderate | Unreviewed | CVE-2025-13212 was published Mar 16, 2026

wpDiscuz before 7.6.47 contains a missing rate limiting vulnerability that allows unauthenticated...
Moderate | Unreviewed | CVE-2026-22216 was published Mar 13, 2026

Parse Server has a rate limit bypass via batch request endpoint
Moderate | CVE-2026-30972 was published for parse-server (npm) Mar 11, 2026

An Improper Control of Interaction Frequency vulnerability [CWE-799] vulnerability in Fortinet...
High | Unreviewed | CVE-2026-24017 was published Mar 10, 2026

OpenClaw's hooks count non-POST requests toward auth lockout
Moderate | GHSA-6rmx-gvvg-vh6j was published for openclaw (npm) Mar 9, 2026

IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to cause a denial...
Moderate | Unreviewed | CVE-2025-13211 was published Dec 11, 2025

In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the reset password...
Critical | Unreviewed | CVE-2025-54321 was published Nov 18, 2025

Fides Webserver API Rate Limiting Vulnerability in Proxied Environments
Moderate | CVE-2025-57816 was published for ethyca-fides (pip) Sep 8, 2025

OpenFlow discovery protocol can exhaust resources because it is not rate limited
Moderate | Unreviewed | CVE-2025-48016 was published May 20, 2025

Shopware default newsletter opt-in settings allow for mass sign-up abuse
Low | CVE-2025-32378 was published for shopware/core (Composer) Apr 9, 2025

This vulnerability exists in the CAP back office application due to missing rate limiting on OTP...
High | Unreviewed | CVE-2025-29998 was published Mar 13, 2025

This vulnerability exists in RupeeWeb trading platform due to missing rate limiting on OTP...
Moderate | Unreviewed | CVE-2025-26524 was published Feb 14, 2025

Missing rate limit in MaysWind ezBookkeeping
Moderate | CVE-2024-57603 was published for github.com/mayswind/ezbookkeeping (Go) Feb 13, 2025

Drupal Open Social allows Functionality Misuse
Moderate | CVE-2024-13274 was published for goalgorilla/open_social (Composer) Jan 9, 2025

This vulnerability exists in the Wave 2.0 due to missing rate limiting on OTP requests in an API...
High | Unreviewed | CVE-2024-51557 was published Nov 4, 2024

The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows...
Moderate | Unreviewed | CVE-2024-48942 was published Oct 10, 2024

This vulnerability exists in Shilpi Client Dashboard due to lack of rate limiting and Captcha...
High | Unreviewed | CVE-2024-47654 was published Oct 4, 2024

Rate limit vulnerability in Clibo Manager v1.1.9.2 that could allow an attacker to send a large...
Moderate | Unreviewed | CVE-2024-9199 was published Sep 26, 2024

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing rate limiting on OTP...
High | Unreviewed | CVE-2024-45788 was published Sep 11, 2024

An attacker may be able to cause a denial-of-service condition by sending many packets repeatedly.
High | Unreviewed | CVE-2024-35246 was published Jun 21, 2024

An attacker may be able to cause a denial-of-service condition by sending many SSH packets...
High | Unreviewed | CVE-2024-32943 was published Jun 21, 2024

NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where an...
Moderate | Unreviewed | CVE-2024-0094 was published Jun 14, 2024

Improper Control of Interaction Frequency vulnerability in Metagauss RegistrationMagic allows...
Moderate | Unreviewed | CVE-2023-51544 was published Jun 4, 2024

Improper Control of Interaction Frequency vulnerability in cartpauj Cartpauj Register Captcha...
Moderate | Unreviewed | CVE-2023-40673 was published Jun 4, 2024