GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
327 advisories
A vulnerability was found in macrozheng mall 1.0.3. It has been rated as problematic. Affected by...
Moderate
Unreviewed
CVE-2025-8742
was published
Aug 9, 2025
The affected product does not limit the number of attempts for inputting the correct PIN for a...
Critical
Unreviewed
CVE-2025-46414
was published
Aug 8, 2025
A vulnerability has been identified in the Linux kernel's ksmbd component (kernel SMB/CIFS server...
Low
Unreviewed
CVE-2023-32251
was published
Jul 31, 2025
OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows attackers to bypass account...
Moderate
Unreviewed
CVE-2025-54833
was published
Jul 31, 2025
Grandstream Networks UCM6510 v1.0.20.52 and before is vulnerable to Improper Restriction of...
Moderate
Unreviewed
CVE-2025-28172
was published
Jul 29, 2025
IBM Informix Dynamic Server 12.10 and 14.10 uses an inadequate account lockout setting that could...
High
Unreviewed
CVE-2024-49342
was published
Jul 28, 2025
Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Mail Login...
Critical
Unreviewed
CVE-2025-7393
was published
Jul 21, 2025
A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. It has been rated as...
Low
Unreviewed
CVE-2025-7882
was published
Jul 20, 2025
An improper restriction of excessive authentication attempts [CWE-307] in FortiClientEMS version...
High
Unreviewed
CVE-2024-23106
was published
Jan 14, 2025
The SMB server's login mechanism does not implement sufficient measures to prevent multiple...
High
Unreviewed
CVE-2025-27456
was published
Jul 3, 2025
The MEAC300-FNADE4 does not implement sufficient measures to prevent multiple failed...
High
Unreviewed
CVE-2025-27449
was published
Jul 3, 2025
The maxView Storage Manager does not implement sufficient measures to prevent multiple failed...
High
Unreviewed
CVE-2025-1710
was published
Jul 3, 2025
Yealink YMCS RPS before 2025-06-04 lacks SN verification attempt limits, enabling brute-force...
Low
Unreviewed
CVE-2025-52916
was published
Jun 22, 2025
Improper Restriction of Excessive Authentication Attempts vulnerability in Art-in Bilişim...
Critical
Unreviewed
CVE-2025-4383
was published
Jun 26, 2025
Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 do not enforce rate limiting...
High
Unreviewed
CVE-2025-2171
was published
Jun 23, 2025
The product does not implement sufficient measures to prevent multiple failed authentication...
Moderate
Unreviewed
CVE-2025-49186
was published
Jun 12, 2025
The FTP server’s login mechanism does not restrict authentication attempts, allowing an attacker...
Moderate
Unreviewed
CVE-2025-49195
was published
Jun 12, 2025
A vulnerability was found in Tenda TDSEE App up to 1.7.12. It has been declared as problematic....
Moderate
Unreviewed
CVE-2025-5864
was published
Jun 9, 2025
Weak Authentication vulnerability in Drupal Email TFA allows Brute Force. This issue affects Email...
High
Unreviewed
CVE-2025-31676
was published
Apr 1, 2025
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection,...
Moderate
Unreviewed
CVE-2023-45190
was published
Feb 9, 2024
An issue was discovered on Innovaphone PBX before 14r1 devices. The password form, used to...
Moderate
Unreviewed
CVE-2024-24721
was published
Feb 27, 2024
Password guessing limits could be bypassed when using LDAP authentication.
High
Unreviewed
CVE-2025-48014
was published
May 20, 2025
RAGFlow through 0.18.1 allows account takeover because it is possible to conduct successful brute...
Critical
Unreviewed
CVE-2025-48187
was published
May 17, 2025
An issue in the userId parameter in the change password function of Flytxt NEON-dX v0.0.1...
Moderate
Unreviewed
CVE-2023-34732
was published
May 12, 2025
An issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions...
High
Unreviewed
CVE-2022-3031
was published
Oct 17, 2022
ProTip! Advisories are also available from the GraphQL API.