Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,479
Maven
5,000+
npm
5,000+
NuGet
886
pip
4,740
Pub
13
RubyGems
1,031
Rust
1,225
Swift
53
Unreviewed advisories
All unreviewed
5,000+

35 advisories

Loading
HCL Aftermarket DPC is affected by Spamming Vulnerability which can allow the actor to excessive... Moderate Unreviewed
CVE-2025-55268 was published Mar 26, 2026
IBM Aspera Console 3.3.0 through 3.4.8 could allow an authenticated user to cause a denial of... Moderate Unreviewed
CVE-2025-13212 was published Mar 16, 2026
wpDiscuz before 7.6.47 contains a missing rate limiting vulnerability that allows unauthenticated... Moderate Unreviewed
CVE-2026-22216 was published Mar 13, 2026
Parse Server has a rate limit bypass via batch request endpoint Moderate
CVE-2026-30972 was published for parse-server (npm) Mar 11, 2026
offset Credited to offset and mtrezza mtrezza mtrezza
An Improper Control of Interaction Frequency vulnerability [CWE-799] vulnerability in Fortinet... High Unreviewed
CVE-2026-24017 was published Mar 10, 2026
OpenClaw's hooks count non-POST requests toward auth lockout Moderate
GHSA-6rmx-gvvg-vh6j was published for openclaw (npm) Mar 9, 2026
JNX03 Credited to JNX03
IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to cause a denial... Moderate Unreviewed
CVE-2025-13211 was published Dec 11, 2025
In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the reset password... Critical Unreviewed
CVE-2025-54321 was published Nov 18, 2025
Mattermost Server does not enforce rate limits on password change attempts High
CVE-2016-11069 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Fides Webserver API Rate Limiting Vulnerability in Proxied Environments Moderate
CVE-2025-57816 was published for ethyca-fides (pip) Sep 8, 2025
daveqnet Credited to daveqnet, eastandwestwind, and erosselli eastandwestwind eastandwestwind
erosselli erosselli
Shopware default newsletter opt-in settings allow for mass sign-up abuse Low
CVE-2025-32378 was published for shopware/core (Composer) Apr 9, 2025
An attacker may be able to cause a denial-of-service condition by sending many SSH packets... High Unreviewed
CVE-2024-32943 was published Jun 21, 2024
An attacker may be able to cause a denial-of-service condition by sending many packets repeatedly. High Unreviewed
CVE-2024-35246 was published Jun 21, 2024
OpenFlow discovery protocol can exhaust resources because it is not rate limited Moderate Unreviewed
CVE-2025-48016 was published May 20, 2025
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An... Moderate Unreviewed
CVE-2021-37191 was published May 24, 2022
Improper Control of Interaction Frequency vulnerability in Lester ‘GaMerZ’ Chan WP-PostRatings... Moderate Unreviewed
CVE-2023-40332 was published Jun 4, 2024
This vulnerability exists in the CAP back office application due to missing rate limiting on OTP... High Unreviewed
CVE-2025-29998 was published Mar 13, 2025
This vulnerability exists in RupeeWeb trading platform due to missing rate limiting on OTP... Moderate Unreviewed
CVE-2025-26524 was published Feb 14, 2025
Missing rate limit in MaysWind ezBookkeeping Moderate
CVE-2024-57603 was published for github.com/mayswind/ezbookkeeping (Go) Feb 13, 2025
Drupal Open Social allows Functionality Misuse Moderate
CVE-2024-13274 was published for goalgorilla/open_social (Composer) Jan 9, 2025
This vulnerability exists in the Wave 2.0 due to missing rate limiting on OTP requests in an API... High Unreviewed
CVE-2024-51557 was published Nov 4, 2024
This vulnerability exists in Shilpi Client Dashboard due to lack of rate limiting and Captcha... High Unreviewed
CVE-2024-47654 was published Oct 4, 2024
The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows... Moderate Unreviewed
CVE-2024-48942 was published Oct 10, 2024
Rate limit vulnerability in Clibo Manager v1.1.9.2 that could allow an attacker to send a large... Moderate Unreviewed
CVE-2024-9199 was published Sep 26, 2024
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing rate limiting on OTP... High Unreviewed
CVE-2024-45788 was published Sep 11, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database