GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
492 advisories
Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual...
Moderate
Unreviewed
CVE-2025-2514 was published May 7, 2026
phpMyFAQ enables unauthenticated 2FA brute-force attack via /admin/check acceptance of arbitrary user-id
Critical
GHSA-9pq7-mfwh-xx2j was published for phpmyfaq/phpmyfaq (Composer) May 6, 2026
OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to...
High
Unreviewed
CVE-2023-54347 was published May 5, 2026
Signal K Server's WebSocket Login Endpoint Lacks Rate Limiting (Credential Brute-Force)
High
CVE-2026-41893 was published for signalk-server (npm) May 4, 2026
A vulnerability has been found in CodeWise Tornet Scooter Mobile App 4.75 on iOS/Android. The...
Low
Unreviewed
CVE-2026-7671 was published May 3, 2026
U-SPEED N300 router V1.0.0 does not implement rate limiting or account lockout protections on the...
High
Unreviewed
CVE-2026-36959 was published Apr 30, 2026
The RTSP service of MERCURY IP camera MIPC252W 1.0.5 Build 230306 has an issue handling failed...
Moderate
Unreviewed
CVE-2026-35902 was published Apr 27, 2026
DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Bypass vulnerability,...
High
Unreviewed
CVE-2026-6947 was published Apr 24, 2026
The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if...
High
Unreviewed
CVE-2026-0972 was published Apr 21, 2026
The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if...
High
Unreviewed
CVE-2025-14362 was published Apr 21, 2026
This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA...
High
Unreviewed
CVE-2026-41037 was published Apr 21, 2026
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release...
Moderate
Unreviewed
CVE-2025-46606 was published Apr 17, 2026
@node-oauth/oauth2-server: PKCE code_verifier ABNF not enforced in token exchange allows brute-force redemption of intercepted authorization codes
Moderate
CVE-2026-41213 was published for @node-oauth/oauth2-server (npm) Apr 16, 2026
Eaton Intelligent Power Protector (IPP) software allows repeated authentication attempts against...
Moderate
Unreviewed
CVE-2026-22616 was published Apr 16, 2026
CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that would...
Moderate
Unreviewed
CVE-2026-2402 was published Apr 14, 2026
Rate Limiting for attempting a user login is not being properly enforced, making HCL DevOps...
Moderate
Unreviewed
CVE-2025-31991 was published Apr 13, 2026
Vikunja Vulnerable to TOTP Brute-Force Due to Non-Functional Account Lockout
Moderate
CVE-2026-35597 was published for code.vikunja.io/api (Go) Apr 10, 2026
Duplicate Advisory: OpenClaw: Telegram Webhook Missing Guess Rate Limiting Enables Brute-Force Guessing of Weak Webhook Secret
Moderate
GHSA-r4c2-gq3j-7rpj was published for openclaw (npm) Apr 10, 2026 • withdrawn
Duplicate Advisory: OpenClaw: Synology Chat Webhook Pre-Auth Rate-Limit Bypass Enables Brute-Force Guessing of Webhook Token
Moderate
GHSA-59xc-5v89-r7pr was published for openclaw (npm) Apr 10, 2026 • withdrawn
Duplicate Advisory: OpenClaw: BlueBubbles Webhook Missing Rate Limiting Enables Brute-Force Password Guessing
Moderate
GHSA-rc8f-r29c-chr6 was published for openclaw (npm) Apr 10, 2026 • withdrawn
OpenClaw: Fake DeviceToken Bypasses Shared Auth Rate Limiting
Moderate
CVE-2026-41333 was published for openclaw (npm) Apr 3, 2026
OpenClaw's Nextcloud Talk webhook missing rate limiting on shared secret authentication
Moderate
CVE-2026-33580 was published for openclaw (npm) Mar 31, 2026
Duplicate Advisory: OpenClaw's Nextcloud Talk webhook missing rate limiting on shared secret authentication
Moderate
GHSA-gm9m-x74r-8whg was published for openclaw (npm) Mar 31, 2026 • withdrawn
Duplicate Advisory: OpenClaw: Zalo webhook rate limiting could be bypassed before secret validation
Moderate
GHSA-cxfr-3qp8-hpmw was published for openclaw (npm) Mar 31, 2026 • withdrawn
Duplicate Advisory: OpenClaw has Bypass in Webhook Rate Limiting via Pre-Authentication Secret Validation
Moderate
CVE-2026-34508 was published for openclaw (npm) Mar 31, 2026 • withdrawn