GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
299 advisories
SessionListener can prevent a session from being invalidated breaking logout
Low · CVE-2021-34428 was published for org.eclipse.jetty:jetty-server (Maven) on Jun 23, 2021
XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS...
Moderate · Unreviewed · CVE-2018-2451 was published on May 13, 2022
Insufficient Session Expiration and TOCTOU Race Condition in OPC FOundation UA .Net Standard
Moderate · CVE-2020-8867 was published for OPCFoundation.NetStandard.Opc.Ua (NuGet) on Aug 2, 2021
Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19
Moderate · CVE-2021-31408 was published for com.vaadin:vaadin-bom (Maven) on Apr 22, 2021
Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has...
Moderate · Unreviewed · CVE-2019-5641 was published on Sep 22, 2022
Insufficient Session Expiration in librenms/librenms
Critical · CVE-2022-4070 was published for librenms/librenms (Composer) on Nov 20, 2022
On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not...
High · Unreviewed · CVE-2018-10990 was published on May 13, 2022
A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish...
Moderate · Unreviewed · CVE-2019-0015 was published on May 13, 2022
nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key...
Moderate · Unreviewed · CVE-2014-3616 was published on May 13, 2022
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 ...
Critical · Unreviewed · CVE-2022-24042 was published on May 11, 2022
HCL Commerce is affected by an Insufficient Session Expiration vulnerability. After the session...
Low · Unreviewed · CVE-2021-27751 was published on May 7, 2022
In Shopizer versions 2.3.0 to 3.0.1 are vulnerable to Insufficient Session Expiration. When a...
High · Unreviewed · CVE-2022-23063 was published on May 4, 2022
devhub 0.102.0 was discovered to contain a broken session control.
Moderate · Unreviewed · CVE-2022-41542 was published on Oct 17, 2022
IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow...
Moderate · Unreviewed · CVE-2022-41291 was published on Oct 7, 2022
Cockpit before 2.2.0 vulnerable to Insufficient Session Expiration
Critical · CVE-2022-2713 was published for aheinze/cockpit (Composer) on Aug 9, 2022
In “Orchard core CMS” application, versions 1.0.0-beta1-3383 to 1.0.0 are vulnerable to an...
High · Unreviewed · CVE-2021-25966 was published on May 24, 2022
IBM Cloud Pak for Security 1.3.0.1(CP4S) does not invalidate session after logout which could...
Moderate · Unreviewed · CVE-2020-4696 was published on May 24, 2022
In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack...
High · Unreviewed · CVE-2021-33322 was published on May 24, 2022
In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insufficient Session Expiration....
High · Unreviewed · CVE-2021-25940 was published on May 24, 2022
In Factor (App Framework & Headless CMS) v1.0.4 to v1.8.30, improperly invalidate a user’s...
Critical · Unreviewed · CVE-2021-25985 was published on May 24, 2022
TYPO3 CMS vulnerable to Insufficient Session Expiration after Password Reset
Moderate · CVE-2022-23502 was published for typo3/cms (Composer) on Dec 13, 2022
A vulnerability in the web-based management interface of multiple Cisco Small Business Series...
High · Unreviewed · CVE-2021-34739 was published on May 24, 2022
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account associated with a web...
Critical · Unreviewed · CVE-2021-40849 was published on May 24, 2022
In affected versions of Octopus Server it is possible for a session token to be valid...
Critical · Unreviewed · CVE-2022-2782 was published on Oct 27, 2022
IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain sensitive information due to...
Moderate · Unreviewed · CVE-2021-29868 was published on May 24, 2022