GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
89 advisories
Filter by severity
In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie.
Moderate
Unreviewed
CVE-2022-24332
was published
Feb 26, 2022
IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an...
Moderate
Unreviewed
CVE-2021-38986
was published
Mar 2, 2022
SurveyKing v0.2.0 was discovered to retain users' session cookies after logout, allowing...
Moderate
Unreviewed
CVE-2022-25590
was published
Mar 26, 2022
nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key...
Moderate
Unreviewed
CVE-2014-3616
was published
May 13, 2022
A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish...
Moderate
Unreviewed
CVE-2019-0015
was published
May 13, 2022
XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS...
Moderate
Unreviewed
CVE-2018-2451
was published
May 13, 2022
Exploitation of session variables, resource IDs and other trusted credentials vulnerability in...
Moderate
Unreviewed
CVE-2017-3966
was published
May 13, 2022
The Milwaukee ONE-KEY Android mobile application uses bearer tokens with an expiration of one...
Moderate
Unreviewed
CVE-2017-3215
was published
May 13, 2022
An Insufficient Session Expiration issue was discovered in ProMinent MultiFLEX M10a Controller...
Moderate
Unreviewed
CVE-2017-14007
was published
May 13, 2022
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to...
Moderate
Unreviewed
CVE-2017-1000131
was published
May 13, 2022
A denial of service vulnerability exists in Schneider Electric's MiCOM Px4x (P540 range excluded)...
Moderate
Unreviewed
CVE-2018-7758
was published
May 14, 2022
Philips ISCV application prior to version 2.3.0 has an insufficient session expiration...
Moderate
Unreviewed
CVE-2018-5438
was published
May 14, 2022
IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session id to...
Moderate
Unreviewed
CVE-2017-1693
was published
May 14, 2022
Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are...
Moderate
Unreviewed
CVE-2017-1000136
was published
May 17, 2022
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are...
Moderate
Unreviewed
CVE-2017-1000135
was published
May 17, 2022
IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2...
Moderate
Unreviewed
CVE-2019-4072
was published
May 24, 2022
The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x...
Moderate
Unreviewed
CVE-2019-3790
was published
May 24, 2022
Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries...
Moderate
Unreviewed
CVE-2019-7215
was published
May 24, 2022
After user deletion in MongoDB Server the improper invalidation of authorization sessions allows...
Moderate
Unreviewed
CVE-2019-2386
was published
May 24, 2022
An issue was discovered in eteams OA v4.0.34. Because the session is not strictly checked, the...
Moderate
Unreviewed
CVE-2019-16133
was published
May 24, 2022
A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache...
Moderate
Unreviewed
CVE-2019-14826
was published
May 24, 2022
SAP Enable Now, before version 1911, sends the Session ID cookie value in URL. This might be...
Moderate
Unreviewed
CVE-2020-6178
was published
May 24, 2022
A vulnerability in how Cisco Firepower Threat Defense (FTD) Software handles session timeouts for...
Moderate
Unreviewed
CVE-2020-3188
was published
May 24, 2022
OpenVPN Access Server older than version 2.8.4 generates new user authentication tokens instead...
Moderate
Unreviewed
CVE-2020-15074
was published
May 24, 2022
When an agent user is renamed or set to invalid the session belonging to the user is keept active...
Moderate
Unreviewed
CVE-2020-1776
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API