Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

38 advisories

Loading
aiohttp-session creates non-expiring sessions Moderate
CVE-2018-1000814 was published for aiohttp-session (pip) Dec 20, 2018
Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19 Moderate
CVE-2021-31408 was published for com.vaadin:vaadin-bom (Maven) Apr 22, 2021
Insufficient Session Expiration and TOCTOU Race Condition in OPC FOundation UA .Net Standard Moderate
CVE-2020-8867 was published for OPCFoundation.NetStandard.Opc.Ua (NuGet) Aug 2, 2021
incomplete JupyterHub logout with simultaneous JupyterLab sessions Moderate
CVE-2021-41247 was published for jupyterhub (pip) Nov 8, 2021
fritterhoff
Insufficient Session Expiration in Pterodactyl API Moderate
GHSA-7v3x-h7r2-34jv was published for pterodactyl/panel (Composer) Jan 21, 2022
EgoMaw
Insufficient Session Expiration in Apache NiFi Registry Moderate
CVE-2020-9482 was published for org.apache.nifi.registry:nifi-registry-web-api (Maven) Feb 9, 2022
Use of a Key Past its Expiration Date and Insufficient Session Expiration in Maddy Mail Server Moderate
CVE-2022-24732 was published for github.com/foxcpp/maddy (Go) Mar 7, 2022
ysf
SimpleSAMLphp Invalid token creation and validation Moderate
CVE-2017-12867 was published for simplesamlphp/simplesamlphp (Composer) May 13, 2022
Symfony DoS Moderate
CVE-2018-11386 was published for symfony/http-foundation (Composer) May 14, 2022
Keycloak Insufficient Session Expiry Moderate
CVE-2020-1724 was published for org.keycloak:keycloak-core (Maven) May 24, 2022
Microweber Insufficient Session Expiry Moderate
CVE-2020-23136 was published for microweber/microweber (Composer) May 24, 2022
Magento Insufficient Session Expiration Moderate
CVE-2021-21032 was published for magento/community-edition (Composer) May 24, 2022
Magento Insufficient Session Expiration Moderate
CVE-2021-21031 was published for magento/community-edition (Composer) May 24, 2022
Insufficient Session Expiration in TYPO3's Admin Tool Moderate
CVE-2022-31050 was published for typo3/cms (Composer) Jun 17, 2022
waldhacker1 ohader
FlyteAdmin Insufficient AccessToken Expiration Check Moderate
CVE-2022-31145 was published for github.com/flyteorg/flyteadmin (Go) Jul 15, 2022
mayitbeegh
Pinniped Supervisor Insufficient Session Expiration vulnerability Moderate
CVE-2022-31677 was published for go.pinniped.dev (Go) Sep 1, 2022
OctoPrint vulnerable to Insufficient Session Expiration. Moderate
CVE-2022-2888 was published for OctoPrint (pip) Sep 22, 2022
TYPO3 CMS vulnerable to Insufficient Session Expiration after Password Reset Moderate
CVE-2022-23502 was published for typo3/cms (Composer) Dec 13, 2022
derhansen
Keycloak vulnerable to session takeover with OIDC offline refreshtokens Moderate
CVE-2022-3916 was published for org.keycloak:keycloak-parent (Maven) Dec 13, 2022
Flintholm
Zitadel RefreshToken invalidation vulnerability Moderate
CVE-2023-22492 was published for github.com/zitadel/zitadel (Go) Jan 11, 2023
sebastianbuechler
Pyload Insufficient Session Expiration vulnerability Moderate
CVE-2023-0227 was published for pyload-ng (pip) Jan 12, 2023
Symfony vulnerable to Session Fixation of CSRF tokens Moderate
CVE-2022-24895 was published for symfony/security-bundle (Composer) Feb 1, 2023
nicolas-grekas lavish
Firefly III insufficiently expires sessions Moderate
CVE-2023-1788 was published for grumpydictator/firefly-iii (Composer) Apr 5, 2023
Concrete CMS missing secure cookie parameters Moderate
CVE-2023-28472 was published for concrete5/concrete5 (Composer) Apr 28, 2023
MarkLee131
Answer Insufficient Session Expiration vulnerability Moderate
CVE-2023-4126 was published for github.com/answerdev/answer (Go) Aug 3, 2023
ProTip! Advisories are also available from the GraphQL API