Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,703
NuGet
661
pip
3,329
Pub
11
RubyGems
884
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+

50 advisories

Loading
SaltStack Salt eauth tokens can be used once after expiration Critical
CVE-2021-3144 was published for salt (pip) May 24, 2022
Samly access control vulnerability Critical
CVE-2024-25718 was published for Samly (Erlang) Feb 11, 2024
An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1... Critical Unreviewed
CVE-2024-8888 was published Sep 18, 2024
xzs-mysql 3.8 is vulnerable to Insufficient Session Expiration, which allows attackers to use the... Critical Unreviewed
CVE-2024-29401 was published Mar 26, 2024
On versions before 2.1.4, session is not invalidated after logout. When the user logged in... Critical Unreviewed
CVE-2024-29070 was published Jul 23, 2024
SurveyKing v1.3.1 was discovered to keep users' sessions active after logout. Related to an... Critical Unreviewed
CVE-2024-35049 was published May 14, 2024
An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an... Critical Unreviewed
CVE-2023-28001 was published Jul 11, 2023
In Siren Investigate before 13.2.2, session keys remain active even after logging out. Critical Unreviewed
CVE-2023-35857 was published Jun 19, 2023
Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an... Critical Unreviewed
CVE-2019-11168 was published May 24, 2022
Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions. Critical Unreviewed
CVE-2018-21018 was published May 24, 2022
A vulnerability in Parsec Windows 142-0 and Parsec 'Linux Ubuntu 16.04 LTS Desktop' Build 142-1... Critical Unreviewed
CVE-2018-6634 was published May 24, 2022
Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass... Critical Unreviewed
CVE-2014-2595 was published May 17, 2022
Cloud Foundry Runtime Insufficient Session Expiration vulnerability Critical
CVE-2015-5171 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
Token leases could outlive their TTL in HashiCorp Vault Critical
CVE-2020-25816 was published for github.com/hashicorp/vault (Go) May 24, 2022
IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than... Critical Unreviewed
CVE-2023-46158 was published Oct 25, 2023
Apache InLong Insufficient Session Expiration vulnerability Critical
CVE-2023-31065 was published for org.apache.inlong:manager-dao (Maven) Jul 6, 2023
October CMS Session ID not invalidated after logout Critical
CVE-2021-3311 was published for october/rain (Composer) Feb 10, 2021
Fusiondirectory 1.3 suffers from Improper Session Handling. Critical Unreviewed
CVE-2022-36179 was published Nov 22, 2022
A vulnerability, which was classified as problematic, was found in SourceCodester Online Graduate... Critical Unreviewed
CVE-2023-1854 was published Apr 5, 2023
Expired sessions were not securely terminated in the RestAPI for Tribe29's Checkmk <= 2.1.0p10... Critical Unreviewed
CVE-2022-48317 was published Feb 20, 2023
TYPO3 vulnerable to Insufficient Session Expiration Critical
CVE-2022-47406 was published for derhansen/fe_change_pwd (Composer) Dec 14, 2022
In Ifme, versions 1.0.0 to v.7.33.2 don’t properly invalidate a user’s session even after the... Critical Unreviewed
CVE-2021-25992 was published Feb 11, 2022
A CWE-614 Insufficient Session Expiration vulnerability exists that could allow an attacker to... Critical Unreviewed
CVE-2021-22820 was published Jan 29, 2022
Apostrophe CMS Insufficient Session Expiration vulnerability Critical
CVE-2021-25979 was published for apostrophe (npm) Nov 10, 2021
In Mattermost Focalboard, versions prior to v0.7.5, v0.8.4, v0.9.5, v0.10.1 and v0.11.0-rc1; as... Critical Unreviewed
CVE-2022-22122 was published Jan 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database