GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
40 advisories
Filter by severity
An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1...
Critical
Unreviewed
CVE-2024-8888
was published
Sep 18, 2024
On versions before 2.1.4, session is not invalidated after logout. When the user logged in...
Critical
Unreviewed
CVE-2024-29070
was published
Jul 23, 2024
SurveyKing v1.3.1 was discovered to keep users' sessions active after logout. Related to an...
Critical
Unreviewed
CVE-2024-35049
was published
May 14, 2024
xzs-mysql 3.8 is vulnerable to Insufficient Session Expiration, which allows attackers to use the...
Critical
Unreviewed
CVE-2024-29401
was published
Mar 26, 2024
IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than...
Critical
Unreviewed
CVE-2023-46158
was published
Oct 25, 2023
An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an...
Critical
Unreviewed
CVE-2023-28001
was published
Jul 11, 2023
In Siren Investigate before 13.2.2, session keys remain active even after logging out.
Critical
Unreviewed
CVE-2023-35857
was published
Jun 19, 2023
A vulnerability, which was classified as problematic, was found in SourceCodester Online Graduate...
Critical
Unreviewed
CVE-2023-1854
was published
Apr 5, 2023
Expired sessions were not securely terminated in the RestAPI for Tribe29's Checkmk <= 2.1.0p10...
Critical
Unreviewed
CVE-2022-48317
was published
Feb 20, 2023
Fusiondirectory 1.3 suffers from Improper Session Handling.
Critical
Unreviewed
CVE-2022-36179
was published
Nov 22, 2022
In affected versions of Octopus Server it is possible for a session token to be valid...
Critical
Unreviewed
CVE-2022-2782
was published
Oct 27, 2022
Session fixation and insufficient session expiration vulnerabilities allow an attacker to perfom...
Critical
Unreviewed
CVE-2021-46279
was published
Oct 24, 2022
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x...
Critical
Unreviewed
CVE-2022-35728
was published
Aug 5, 2022
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout...
Critical
Unreviewed
CVE-2022-22318
was published
Jun 21, 2022
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout...
Critical
Unreviewed
CVE-2022-22317
was published
Jun 21, 2022
In Factor (App Framework & Headless CMS) v1.0.4 to v1.8.30, improperly invalidate a user’s...
Critical
Unreviewed
CVE-2021-25985
was published
May 24, 2022
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account associated with a web...
Critical
Unreviewed
CVE-2021-40849
was published
May 24, 2022
An insufficient session expiration vulnerability [CWE- 613] in FortiClientEMS versions 6.4.2 and...
Critical
Unreviewed
CVE-2021-24019
was published
May 24, 2022
The IceHrm 30.0.0 OS website was found vulnerable to Session Management Issue. A signout from an...
Critical
Unreviewed
CVE-2021-38823
was published
May 24, 2022
Laravel Booking System Booking Core 2.0 is vulnerable to Session Management. A password change at...
Critical
Unreviewed
CVE-2021-37333
was published
May 24, 2022
DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On...
Critical
Unreviewed
CVE-2020-35358
was published
May 24, 2022
An insufficient session expiration vulnerability in FortiNet's FortiIsolator version 2.0.1 and...
Critical
Unreviewed
CVE-2020-6649
was published
May 24, 2022
In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie...
Critical
Unreviewed
CVE-2020-29667
was published
May 24, 2022
In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire...
Critical
Unreviewed
CVE-2020-27422
was published
May 24, 2022
A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated...
Critical
Unreviewed
CVE-2020-27739
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API