Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

294 advisories

Loading
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout... Critical Unreviewed
CVE-2022-22317 was published Jun 21, 2022
Insufficient Session Expiration in Nakama High
CVE-2022-2306 was published for github.com/heroiclabs/nakama (Go) Jul 6, 2022
A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S ... High Unreviewed
CVE-2022-33137 was published Jul 13, 2022
FlyteAdmin Insufficient AccessToken Expiration Check Moderate
CVE-2022-31145 was published for github.com/flyteorg/flyteadmin (Go) Jul 15, 2022
mayitbeegh
NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the ... Moderate Unreviewed
CVE-2022-30698 was published Aug 2, 2022
NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the ... Moderate Unreviewed
CVE-2022-30699 was published Aug 2, 2022
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x... Critical Unreviewed
CVE-2022-35728 was published Aug 5, 2022
Cockpit before 2.2.0 vulnerable to Insufficient Session Expiration Critical
CVE-2022-2713 was published for aheinze/cockpit (Composer) Aug 9, 2022
Improper Access Control in GitHub repository namelessmc/nameless prior to v2.0.2. High Unreviewed
CVE-2022-2820 was published Aug 16, 2022
Mealie1.0.0beta3 does not terminate download tokens after a user logs out, allowing attackers to... Moderate Unreviewed
CVE-2022-34624 was published Aug 20, 2022
Pinniped Supervisor Insufficient Session Expiration vulnerability Moderate
CVE-2022-31677 was published for go.pinniped.dev (Go) Sep 1, 2022
Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has... Moderate Unreviewed
CVE-2019-5641 was published Sep 22, 2022
OctoPrint vulnerable to Insufficient Session Expiration. Moderate
CVE-2022-2888 was published for OctoPrint (pip) Sep 22, 2022
By sending specific queries to the resolver, an attacker can cause named to crash. High Unreviewed
CVE-2022-3080 was published Sep 22, 2022
In affected versions of Octopus Server it was identified that a session cookie could be used as... Moderate Unreviewed
CVE-2022-2783 was published Oct 6, 2022
IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow... Moderate Unreviewed
CVE-2022-41291 was published Oct 7, 2022
Apache Airflow may allow authenticated users who have been deactivated to continue using the UI or API High
CVE-2022-41672 was published for apache-airflow (pip) Oct 7, 2022
sunSUNQ
devhub 0.102.0 was discovered to contain a broken session control. Moderate Unreviewed
CVE-2022-41542 was published Oct 17, 2022
Session fixation and insufficient session expiration vulnerabilities allow an attacker to perfom... Critical Unreviewed
CVE-2021-46279 was published Oct 24, 2022
In affected versions of Octopus Server it is possible for a session token to be valid... Critical Unreviewed
CVE-2022-2782 was published Oct 27, 2022
"IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 CD, and LTS 9.3 does not invalidate session after logout... Moderate Unreviewed
CVE-2022-40230 was published Nov 4, 2022
HashiCorp Nomad vulnerable to Insufficient Session Expiration Low
CVE-2022-3867 was published for github.com/hashicorp/nomad (Go) Nov 10, 2022
tdunlap607
rdiffweb vulnerable to Insufficient Session Expiration High
CVE-2022-3362 was published for rdiffweb (pip) Nov 15, 2022
Insufficient Session Expiration in librenms/librenms Critical
CVE-2022-4070 was published for librenms/librenms (Composer) Nov 20, 2022
Fusiondirectory 1.3 suffers from Improper Session Handling. Critical Unreviewed
CVE-2022-36179 was published Nov 22, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database