Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

126 advisories

Loading
The MFA management features did not properly terminate existing user sessions when a user's MFA... Moderate Unreviewed
CVE-2024-21722 was published Feb 29, 2024
An issue was discovered in Linksys Router E1700 1.0.04 (build 3), allows authenticated attackers... Moderate Unreviewed
CVE-2024-22543 was published Feb 27, 2024
Session Fixation Apache DolphinScheduler Moderate
CVE-2023-50270 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Feb 20, 2024
oscerd
Insufficient Session Expiration in github.com/greenpau/caddy-security Moderate
CVE-2024-21492 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in... Moderate Unreviewed
CVE-2024-0008 was published Feb 14, 2024
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session... Moderate Unreviewed
CVE-2023-45187 was published Feb 9, 2024
IBM PowerSC 1.3, 2.0, and 2.1 does not invalidate session after logout which could allow an... Moderate Unreviewed
CVE-2023-50936 was published Feb 2, 2024
A vulnerability, which was classified as problematic, was found in SourceCodester Engineers... Moderate Unreviewed
CVE-2024-0260 was published Jan 7, 2024
yt-dlp Generic Extractor MITM Vulnerability via Arbitrary Proxy Injection Moderate
CVE-2023-46121 was published for yt-dlp (pip) Nov 15, 2023
coletdjnz
Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Moderate Unreviewed
CVE-2023-5889 was published Nov 1, 2023
Insufficient session expiration in Elenos ETG150 FM Transmitter v3.12 allows attackers to... Moderate Unreviewed
CVE-2023-39695 was published Nov 1, 2023
Insufficient Session Expiration in GitHub repository linkstackorg/linkstack prior to v4.2.9. Moderate Unreviewed
CVE-2023-5838 was published Oct 29, 2023
HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate... Moderate Unreviewed
CVE-2023-37504 was published Oct 19, 2023
IBM Security Verify Privilege On-Premises 11.5 could allow a user to obtain sensitive... Moderate Unreviewed
CVE-2021-20581 was published Oct 17, 2023
@node-saml/node-saml's validatePostRequestAsync does not include checkTimestampsValidityError Moderate
CVE-2023-40178 was published for @node-saml/node-saml (npm) Aug 21, 2023
jindazhao01
Admidio Insufficient Session Expiration vulnerability Moderate
CVE-2023-4190 was published for admidio/admidio (Composer) Aug 6, 2023
Answer Insufficient Session Expiration vulnerability Moderate
CVE-2023-4126 was published for github.com/answerdev/answer (Go) Aug 3, 2023
Mattermost fails to check if an admin user account active after an oauth2 flow is started,... Moderate Unreviewed
CVE-2023-2788 was published Jun 16, 2023
IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which... Moderate Unreviewed
CVE-2020-4914 was published May 5, 2023
IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obtain sensitive information... Moderate Unreviewed
CVE-2022-38707 was published May 5, 2023
Concrete CMS missing secure cookie parameters Moderate
CVE-2023-28472 was published for concrete5/concrete5 (Composer) Apr 28, 2023
MarkLee131
In LemonLDAP::NG before 2.0.15. some sessions are not deleted when they are supposed to be... Moderate Unreviewed
CVE-2022-37186 was published Apr 16, 2023
Firefly III insufficiently expires sessions Moderate
CVE-2023-1788 was published for grumpydictator/firefly-iii (Composer) Apr 5, 2023
This disclosure regards a vulnerability related to UAA refresh tokens and external identity... Moderate Unreviewed
CVE-2023-20903 was published Mar 28, 2023
Rapid7 InsightVM suffers from insufficient session expiration when an administrator performs a... Moderate Unreviewed
CVE-2021-3844 was published Mar 24, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database