Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,361
Erlang
33
GitHub Actions
22
Go
2,127
Maven
5,000+
npm
3,794
NuGet
685
pip
3,473
Pub
12
RubyGems
895
Rust
894
Swift
38
Unreviewed advisories
All unreviewed
5,000+

312 advisories

Loading
TYPO3 vulnerable to Insufficient Session Expiration Critical
CVE-2022-47406 was published for derhansen/fe_change_pwd (Composer) Dec 14, 2022
Insufficient Session Expiration in Jenkins Azure AD Plugin High
CVE-2023-24426 was published for org.jenkins-ci.plugins:azure-ad (Maven) Jan 26, 2023
Use of a Key Past its Expiration Date and Insufficient Session Expiration in Maddy Mail Server Moderate
CVE-2022-24732 was published for github.com/foxcpp/maddy (Go) Mar 7, 2022
ysf
In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie. Moderate Unreviewed
CVE-2022-24332 was published Feb 26, 2022
IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an... Moderate Unreviewed
CVE-2021-38986 was published Mar 2, 2022
In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't... High Unreviewed
CVE-2022-24341 was published Feb 26, 2022
In Ifme, versions 1.0.0 to v.7.33.2 don’t properly invalidate a user’s session even after the... Critical Unreviewed
CVE-2021-25992 was published Feb 11, 2022
A CWE-614 Insufficient Session Expiration vulnerability exists that could allow an attacker to... Critical Unreviewed
CVE-2021-22820 was published Jan 29, 2022
In DayByDay CRM, versions 2.2.0 through 2.2.1 (latest) are vulnerable to Insufficient Session... High Unreviewed
CVE-2022-22113 was published Jan 14, 2022
Apostrophe CMS Insufficient Session Expiration vulnerability Critical
CVE-2021-25979 was published for apostrophe (npm) Nov 10, 2021
Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a session on the server-side... High Unreviewed
CVE-2021-37866 was published Jan 19, 2022
Improper session management vulnerability in Samsung Health prior to 6.20.1.005 prevents logging... Low Unreviewed
CVE-2022-22283 was published Jan 11, 2022
In Mattermost Focalboard, versions prior to v0.7.5, v0.8.4, v0.9.5, v0.10.1 and v0.11.0-rc1; as... Critical Unreviewed
CVE-2022-22122 was published Jan 14, 2022
Insufficient Session Expiration in shopware Low
CVE-2022-21652 was published for shopware/shopware (Composer) Jan 6, 2022
In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through... Critical Unreviewed
CVE-2021-25981 was published Jan 4, 2022
An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8... High Unreviewed
CVE-2021-45885 was published Dec 30, 2021
An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware... Critical Unreviewed
CVE-2021-35034 was published Dec 30, 2021
In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf... High Unreviewed
CVE-2018-1195 was published May 13, 2022
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 does not invalidate session... Moderate Unreviewed
CVE-2022-22371 was published Jan 5, 2023
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are... Moderate Unreviewed
CVE-2017-1000135 was published May 17, 2022
Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are... Moderate Unreviewed
CVE-2017-1000136 was published May 17, 2022
iControl REST in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and... High Unreviewed
CVE-2017-6145 was published May 17, 2022
IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session id to... Moderate Unreviewed
CVE-2017-1693 was published May 14, 2022
Improper administrator IP validation after his login in the HTTPd server in all current versions ... High Unreviewed
CVE-2017-15653 was published May 14, 2022
Philips ISCV application prior to version 2.3.0 has an insufficient session expiration... Moderate Unreviewed
CVE-2018-5438 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database