GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
294 advisories
Filter by severity
aiohttp-session creates non-expiring sessions
High
CVE-2018-1000814
was published
for
aiohttp-session
(pip)
Dec 20, 2018
Apache NiFi user log out issue
High
CVE-2019-12421
was published
for
org.apache.nifi:nifi-web-api
(Maven)
Dec 2, 2019
Ensure that doorkeeper_token is valid when authenticating requests in API v2 calls
High
CVE-2020-15269
was published
for
spree
(RubyGems)
Oct 20, 2020
October CMS Session ID not invalidated after logout
Critical
CVE-2021-3311
was published
for
october/rain
(Composer)
Feb 10, 2021
Potential Session Hijacking
Low
GHSA-h9q8-5gv2-v6mg
was published
for
shopware/platform
(Composer)
Mar 12, 2021
Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19
Moderate
CVE-2021-31408
was published
for
com.vaadin:vaadin-bom
(Maven)
Apr 22, 2021
Insufficient Session Expiration in Kiali
High
CVE-2020-1762
was published
for
github.com/kiali/kiali
(Go)
May 18, 2021
Invalid session token expiration
High
CVE-2021-32923
was published
for
github.com/hashicorp/vault
(Go)
Jun 8, 2021
Insufficient Session Expiration in OpenStack Keystone
High
CVE-2020-12690
was published
for
keystone
(pip)
Jun 9, 2021
SessionListener can prevent a session from being invalidated breaking logout
Low
CVE-2021-34428
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Jun 23, 2021
Insufficient Session Expiration and TOCTOU Race Condition in OPC FOundation UA .Net Standard
Moderate
CVE-2020-8867
was published
for
OPCFoundation.NetStandard.Opc.Ua
(NuGet)
Aug 2, 2021
incomplete JupyterHub logout with simultaneous JupyterLab sessions
Moderate
CVE-2021-41247
was published
for
jupyterhub
(pip)
Nov 8, 2021
Insufficient Session Expiration in @cyyynthia/tokenize
High
GHSA-jcjx-c3j3-44pr
was published
for
@cyyynthia/tokenize
(npm)
Nov 10, 2021
Apostrophe CMS Insufficient Session Expiration vulnerability
Critical
CVE-2021-25979
was published
for
apostrophe
(npm)
Nov 10, 2021
Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration...
Critical
Unreviewed
CVE-2021-36330
was published
Dec 1, 2021
An insufficient session expiration vulnerability exists in Business-DNA Solutions GmbH’s TopEase®...
Critical
Unreviewed
CVE-2021-42545
was published
Dec 1, 2021
Mahavitaran android application 7.50 and prior are affected by account takeover due to improper...
Critical
Unreviewed
CVE-2020-27416
was published
Dec 9, 2021
An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8...
High
Unreviewed
CVE-2021-45885
was published
Dec 30, 2021
An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware...
Critical
Unreviewed
CVE-2021-35034
was published
Dec 30, 2021
In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through...
Critical
Unreviewed
CVE-2021-25981
was published
Jan 4, 2022
Insufficient Session Expiration in shopware
Low
CVE-2022-21652
was published
for
shopware/shopware
(Composer)
Jan 6, 2022
Improper session management vulnerability in Samsung Health prior to 6.20.1.005 prevents logging...
Low
Unreviewed
CVE-2022-22283
was published
Jan 11, 2022
In Mattermost Focalboard, versions prior to v0.7.5, v0.8.4, v0.9.5, v0.10.1 and v0.11.0-rc1; as...
Critical
Unreviewed
CVE-2022-22122
was published
Jan 14, 2022
In DayByDay CRM, versions 2.2.0 through 2.2.1 (latest) are vulnerable to Insufficient Session...
High
Unreviewed
CVE-2022-22113
was published
Jan 14, 2022
Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a session on the server-side...
High
Unreviewed
CVE-2021-37866
was published
Jan 19, 2022
ProTip!
Advisories are also available from the
GraphQL API