Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,746
Maven
5,000+
npm
4,346
NuGet
765
pip
4,113
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

17 advisories

Loading
Improper Restriction of Excessive Authentication Attempts in Argo API High
CVE-2020-8827 was published for github.com/argoproj/argo-cd (Go) Jul 26, 2021
Improper Restriction of Excessive Authentication Attempts Critical
CVE-2022-2321 was published for github.com/heroiclabs/nakama/v3 (Go) Jul 6, 2022
usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts Moderate
CVE-2022-4797 was published for github.com/usememos/memos (Go) Dec 28, 2022
Answer has Guessable CAPTCHA Moderate
CVE-2023-1539 was published for github.com/answerdev/answer (Go) Mar 21, 2023
Improper Restriction of Excessive Authentication Attempts in github.com/greenpau/caddy-security Moderate
CVE-2024-21500 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
CasaOS Improper Restriction of Excessive Authentication Attempts vulnerability High
CVE-2024-24767 was published for github.com/IceWhaleTech/CasaOS-UserService (Go) Mar 6, 2024
DrDark1999
Credited to DrDark1999
Bypassing Brute Force Protection via Application Crash and In-Memory Data Loss Critical
CVE-2024-21652 was published for github.com/argoproj/argo-cd/v2 (Go) Mar 18, 2024
nadava669 pasha-codefresh
jannfis crenshaw-dev todaywasawesome
Credited to nadava669, pasha-codefresh, jannfis, crenshaw-dev, and todaywasawesome
Bypassing Rate Limit and Brute Force Protection Using Cache Overflow Moderate
CVE-2024-21662 was published for github.com/argoproj/argo-cd/v2 (Go) Mar 18, 2024
nadava669 pasha-codefresh
crenshaw-dev todaywasawesome jannfis
Credited to nadava669, pasha-codefresh, crenshaw-dev, todaywasawesome, and jannfis
ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass High
CVE-2024-32868 was published for github.com/zitadel/zitadel (Go) Apr 25, 2024
livio-a Skelmis
itz-d0dgy amit-laish muhlemmer peintnermax
Credited to livio-a, Skelmis, itz-d0dgy, amit-laish, muhlemmer, and peintnermax
Windmill HTTP Request users.rs excessive authentication in github.com/windmill-labs/windmill Moderate
CVE-2024-8462 was published for github.com/windmill-labs/windmill (Go) Sep 5, 2024
Authelia applies regulation separately to Username-based logins to Email-based logins Low
CVE-2025-24806 was published for github.com/authelia/authelia/v4 (Go) Feb 19, 2025
tsschaffert Ahrdie
caesarakalaeii
Credited to tsschaffert, Ahrdie, and caesarakalaeii
File Browser vulnerable to insecure password handling Moderate
CVE-2025-52997 was published for github.com/filebrowser/filebrowser (Go) Jun 30, 2025
mtausig hacdias
Credited to mtausig and hacdias
Hashicorp Vault has Login MFA Rate Limit Bypass Vulnerability Moderate
CVE-2025-6015 was published for github.com/hashicorp/vault (Go) Aug 1, 2025
Hashicorp Vault has Lockout Feature Authentication Bypass Moderate
CVE-2025-6004 was published for github.com/hashicorp/vault (Go) Aug 1, 2025
OpenBao Userpass and LDAP User Lockout Bypass Moderate
CVE-2025-54998 was published for github.com/openbao/openbao (Go) Aug 8, 2025
OpenBao Login MFA Bypass of Rate Limiting and TOTP Token Reuse Moderate
CVE-2025-55003 was published for github.com/openbao/openbao (Go) Aug 8, 2025
Zitadel allows brute-forcing authentication factors High
CVE-2025-64102 was published for github.com/zitadel/zitadel (Go) Oct 29, 2025
livio-a IAM-marco
Credited to livio-a and IAM-marco
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database