GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
289 advisories
Filter by severity
Umbraco CMS logout page displayed before session expiration
Moderate
CVE-2024-48926
was published
for
Umbraco.CMS
(NuGet)
Oct 22, 2024
The logout operation in the CloudStack web interface does not expire the user session completely...
Moderate
Unreviewed
CVE-2024-45462
was published
Oct 16, 2024
An issue in sbondCo Watcharr v.1.43.0 allows a remote attacker to execute arbitrary code and...
High
Unreviewed
CVE-2024-48827
was published
Oct 11, 2024
IoT Haat Smart Plug IH-IN-16A-S IH-IN-16A-S v5.16.1 suffers from Insufficient Session Expiration....
Moderate
Unreviewed
CVE-2024-46040
was published
Oct 7, 2024
HCL Nomad is susceptible to an insufficient session expiration vulnerability. Under certain...
Moderate
Unreviewed
CVE-2024-23586
was published
Sep 28, 2024
An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1...
Critical
Unreviewed
CVE-2024-8888
was published
Sep 18, 2024
IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which...
Moderate
Unreviewed
CVE-2024-38315
was published
Sep 16, 2024
A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2)....
Moderate
Unreviewed
CVE-2024-32006
was published
Sep 10, 2024
The Central Manager user session refresh token does not expire when a user logs out. Note:...
High
Unreviewed
CVE-2024-39809
was published
Aug 14, 2024
An insufficient session expiration vulnerability [CWE-613] vulnerability in FortiOS 7.2.5 and...
Low
Unreviewed
CVE-2022-45862
was published
Aug 13, 2024
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10...
Moderate
Unreviewed
CVE-2022-38382
was published
Aug 13, 2024
Apache Airflow Providers FAB Insufficient Session Expiration vulnerability
Moderate
CVE-2024-42447
was published
for
apache-airflow-providers-fab
(pip)
Aug 5, 2024
IBM Aspera Orchestrator 4.0.1 does not invalidate session after a password change which could...
Moderate
Unreviewed
CVE-2023-26288
was published
Jul 30, 2024
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses...
Moderate
Unreviewed
CVE-2022-32759
was published
Jul 25, 2024
On versions before 2.1.4, session is not invalidated after logout. When the user logged in...
Critical
Unreviewed
CVE-2024-29070
was published
Jul 23, 2024
In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or...
High
Unreviewed
CVE-2024-41827
was published
Jul 22, 2024
Multiple insufficient session expiration vulnerabilities [CWE-613] in FortiAIOps version 2.0.0...
High
Unreviewed
CVE-2024-27782
was published
Jul 9, 2024
KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1...
High
Unreviewed
CVE-2024-36041
was published
Jul 5, 2024
Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider
High
CVE-2023-22650
was published
for
github.com/rancher/rancher
(Go)
Jun 17, 2024
The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The...
High
Unreviewed
CVE-2024-5995
was published
Jun 14, 2024
An access control issue in Wvp GB28181 Pro 2.0 allows users to continue to access information in...
Moderate
Unreviewed
CVE-2024-36523
was published
Jun 12, 2024
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions ...
High
Unreviewed
CVE-2024-35206
was published
Jun 11, 2024
zenml-io/zenml does not expire the session after password reset
Low
CVE-2024-4680
was published
for
zenml
(pip)
Jun 8, 2024
zfr authentication adapter did not verify validity of tokens
High
GHSA-rcm4-jv5g-wccm
was published
for
zfr/zfr-oauth2-server-module
(Composer)
Jun 7, 2024
silverstripe/framework's pre-existing alc_enc cookies log users in if remember me is disabled
Low
GHSA-5r8w-66hq-rc39
was published
for
silverstripe/framework
(Composer)
May 27, 2024
ProTip!
Advisories are also available from the
GraphQL API