Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

299 advisories

Loading
The Terminate Session feature in the Telegram application through 7.2.1 for Android, and through... Moderate Unreviewed
CVE-2021-27351 was published May 24, 2022
IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through... Moderate Unreviewed
CVE-2022-40228 was published Nov 22, 2022
The REST/JSON project 7.x-1.x for Drupal allows session name guessing, aka SA-CONTRIB-2016-033.... High Unreviewed
CVE-2016-20007 was published May 24, 2022
An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. The... High Unreviewed
CVE-2020-24387 was published May 24, 2022
In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire... Critical Unreviewed
CVE-2020-27422 was published May 24, 2022
Microweber 1.1.18 is affected by insufficient session expiration. When changing passwords, both... High Unreviewed
CVE-2020-23140 was published May 24, 2022
Immuta v2.8.2 is affected by improper session management: user sessions are not revoked upon logout. High Unreviewed
CVE-2020-15950 was published May 24, 2022
IBM Security Access Manager Appliance 9.0.7 does not invalidate session after logout which could... Moderate Unreviewed
CVE-2020-4395 was published May 24, 2022
CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers to discover internal... Moderate Unreviewed
CVE-2020-25374 was published May 24, 2022
A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated... Critical Unreviewed
CVE-2020-27739 was published May 24, 2022
An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. Because of implicitly remembered... Moderate Unreviewed
CVE-2020-15774 was published May 24, 2022
The system console configuration option 'log-out-on-disconnect' In Juniper Networks Junos OS... Moderate Unreviewed
CVE-2020-1666 was published May 24, 2022
OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Curam... Moderate Unreviewed
CVE-2020-4780 was published May 24, 2022
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The... Moderate Unreviewed
CVE-2020-13299 was published May 24, 2022
An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK... High Unreviewed
CVE-2016-8712 was published May 13, 2022
OpenVPN Access Server older than version 2.8.4 generates new user authentication tokens instead... Moderate Unreviewed
CVE-2020-15074 was published May 24, 2022
A vulnerability in how Cisco Firepower Threat Defense (FTD) Software handles session timeouts for... Moderate Unreviewed
CVE-2020-3188 was published May 24, 2022
In affected versions of Octopus Server it was identified that a session cookie could be used as... Moderate Unreviewed
CVE-2022-2783 was published Oct 6, 2022
NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the... Critical Unreviewed
CVE-2016-11014 was published May 24, 2022
Pyload Insufficient Session Expiration vulnerability Moderate
CVE-2023-0227 was published for pyload-ng (pip) Jan 12, 2023
A remote authorization bypass vulnerability was discovered in Aruba ClearPass Policy Manager... High Unreviewed
CVE-2022-23669 was published May 18, 2022
Mealie1.0.0beta3 does not terminate download tokens after a user logs out, allowing attackers to... Moderate Unreviewed
CVE-2022-34624 was published Aug 20, 2022
A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S ... High Unreviewed
CVE-2022-33137 was published Jul 13, 2022
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are... Critical Unreviewed
CVE-2016-5069 was published May 17, 2022
Insufficient Session Expiration in Nakama High
CVE-2022-2306 was published for github.com/heroiclabs/nakama (Go) Jul 6, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database