Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

30 advisories

Loading
Apache NiFi user log out issue High
CVE-2019-12421 was published for org.apache.nifi:nifi-web-api (Maven) Dec 2, 2019
Ensure that doorkeeper_token is valid when authenticating requests in API v2 calls High
CVE-2020-15269 was published for spree (RubyGems) Oct 20, 2020
Morantron
Insufficient Session Expiration in Kiali High
CVE-2020-1762 was published for github.com/kiali/kiali (Go) May 18, 2021
Invalid session token expiration High
CVE-2021-32923 was published for github.com/hashicorp/vault (Go) Jun 8, 2021
Insufficient Session Expiration in OpenStack Keystone High
CVE-2020-12690 was published for keystone (pip) Jun 9, 2021
Insufficient Session Expiration in @cyyynthia/tokenize High
GHSA-jcjx-c3j3-44pr was published for @cyyynthia/tokenize (npm) Nov 10, 2021
williamwa
Insufficient Session Expiration in Sylius High
CVE-2022-24743 was published for sylius/sylius (Composer) Mar 14, 2022
Insufficient Session Expiration in Admidio High
CVE-2022-0991 was published for admidio/admidio (Composer) Mar 20, 2022
Old sessions not blocked by login enable function in Snipe-IT High
CVE-2022-1155 was published for snipe/snipe-it (Composer) Mar 31, 2022
joelpittet
Keycloak insufficient session expiration High
CVE-2021-3461 was published for org.keycloak:keycloak-parent (Maven) Apr 3, 2022
Insufficient Session Expiration in Jenkins High
CVE-2019-1003049 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Keycloak CSRF Vulnerability High
CVE-2017-12159 was published for org.keycloak:keycloak-parent (Maven) May 13, 2022
Camaleon CMS Insufficient Session Expiration vulnerability High
CVE-2021-25970 was published for camaleon_cms (RubyGems) May 24, 2022
Insufficient Session Expiration in NocoDB High
CVE-2022-2064 was published for nocodb (npm) Jun 14, 2022
Insufficient Session Expiration in Nakama High
CVE-2022-2306 was published for github.com/heroiclabs/nakama (Go) Jul 6, 2022
Apache Airflow may allow authenticated users who have been deactivated to continue using the UI or API High
CVE-2022-41672 was published for apache-airflow (pip) Oct 7, 2022
sunSUNQ
rdiffweb vulnerable to Insufficient Session Expiration High
CVE-2022-3362 was published for rdiffweb (pip) Nov 15, 2022
Insufficient Session Expiration in Jenkins Azure AD Plugin High
CVE-2023-24426 was published for org.jenkins-ci.plugins:azure-ad (Maven) Jan 26, 2023
vantage6 refresh tokens do not expire High
CVE-2023-23929 was published for vantage6 (pip) Feb 28, 2023
Insufficient Session Expiration in pretix High
CVE-2023-27891 was published for pretix (pip) Mar 7, 2023
Answer vulnerable to Insufficient Session Expiration High
CVE-2023-1543 was published for github.com/answerdev/answer (Go) Mar 21, 2023
Jenkins WSO2 Oauth Plugin Session Fixation vulnerability High
CVE-2023-33005 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven) May 16, 2023
Insufficient Session Expiration after a password change High
CVE-2023-38489 was published for getkirby/cms (Composer) Jul 28, 2023
5hank4r
Argo CD web terminal session doesn't expire High
CVE-2023-40025 was published for github.com/argoproj/argo-cd (Go) Aug 23, 2023
zhlu32
Insufficient Session Expiration in thorsten/phpmyfaq High
CVE-2023-5865 was published for thorsten/phpmyfaq (Composer) Oct 31, 2023
ProTip! Advisories are also available from the GraphQL API