GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
17 advisories
Filter by severity
Apache NiFi user log out issue
High
CVE-2019-12421
was published
for
org.apache.nifi:nifi-web-api
(Maven)
Dec 2, 2019
Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19
Moderate
CVE-2021-31408
was published
for
com.vaadin:vaadin-bom
(Maven)
Apr 22, 2021
SessionListener can prevent a session from being invalidated breaking logout
Low
CVE-2021-34428
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Jun 23, 2021
Insufficient Session Expiration in Apache NiFi Registry
Moderate
CVE-2020-9482
was published
for
org.apache.nifi.registry:nifi-registry-web-api
(Maven)
Feb 9, 2022
Keycloak insufficient session expiration
High
CVE-2021-3461
was published
for
org.keycloak:keycloak-parent
(Maven)
Apr 3, 2022
Insufficient Session Expiration in Jenkins
High
CVE-2019-1003049
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Cloud Foundry Runtime Insufficient Session Expiration vulnerability
Critical
CVE-2015-5171
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
Keycloak CSRF Vulnerability
High
CVE-2017-12159
was published
for
org.keycloak:keycloak-parent
(Maven)
May 13, 2022
Keycloak Insufficient Session Expiry
Moderate
CVE-2020-1724
was published
for
org.keycloak:keycloak-core
(Maven)
May 24, 2022
Keycloak vulnerable to session takeover with OIDC offline refreshtokens
Moderate
CVE-2022-3916
was published
for
org.keycloak:keycloak-parent
(Maven)
Dec 13, 2022
Insufficient Session Expiration in Jenkins Azure AD Plugin
High
CVE-2023-24426
was published
for
org.jenkins-ci.plugins:azure-ad
(Maven)
Jan 26, 2023
Jenkins WSO2 Oauth Plugin Session Fixation vulnerability
High
CVE-2023-33005
was published
for
org.jenkins-ci.plugins:wso2id-oauth
(Maven)
May 16, 2023
Graylog user session is still usable after logout
Low
CVE-2023-41041
was published
for
org.graylog2:graylog2-server
(Maven)
Jul 6, 2023
Apache InLong Insufficient Session Expiration vulnerability
Critical
CVE-2023-31065
was published
for
org.apache.inlong:manager-dao
(Maven)
Jul 6, 2023
Session Fixation Apache DolphinScheduler
Moderate
CVE-2023-50270
was published
for
org.apache.dolphinscheduler:dolphinscheduler
(Maven)
Feb 20, 2024
Keycloak vulnerable to session hijacking via re-authentication
Moderate
CVE-2023-6787
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin
High
CVE-2024-52553
was published
for
org.jenkins-ci.plugins:oic-auth
(Maven)
Nov 13, 2024
ProTip!
Advisories are also available from the
GraphQL API