GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
61 advisories
Filter by severity
An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8...
High
Unreviewed
CVE-2021-45885
was published
Dec 30, 2021
In DayByDay CRM, versions 2.2.0 through 2.2.1 (latest) are vulnerable to Insufficient Session...
High
Unreviewed
CVE-2022-22113
was published
Jan 14, 2022
Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a session on the server-side...
High
Unreviewed
CVE-2021-37866
was published
Jan 19, 2022
In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't...
High
Unreviewed
CVE-2022-24341
was published
Feb 26, 2022
A vulnerability was found in the 389 Directory Server that allows expired passwords to access the...
High
Unreviewed
CVE-2022-0996
was published
Mar 24, 2022
An issue was discovered in MantisBT before 2.24.5. It associates a unique cookie string with each...
High
Unreviewed
CVE-2009-20001
was published
Apr 21, 2022
In Shopizer versions 2.3.0 to 3.0.1 are vulnerable to Insufficient Session Expiration. When a...
High
Unreviewed
CVE-2022-23063
was published
May 4, 2022
An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK...
High
Unreviewed
CVE-2016-8712
was published
May 13, 2022
On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not...
High
Unreviewed
CVE-2018-10990
was published
May 13, 2022
A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an...
High
Unreviewed
CVE-2018-0152
was published
May 13, 2022
A flaw was found in the CloudForms account configuration when using VMware. By default, a shared...
High
Unreviewed
CVE-2017-12191
was published
May 13, 2022
OpenProject before 6.1.6 and 7.x before 7.0.3 mishandles session expiry, which allows remote...
High
Unreviewed
CVE-2017-11667
was published
May 13, 2022
In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf...
High
Unreviewed
CVE-2018-1195
was published
May 13, 2022
Improper administrator IP validation after his login in the HTTPd server in all current versions ...
High
Unreviewed
CVE-2017-15653
was published
May 14, 2022
iControl REST in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and...
High
Unreviewed
CVE-2017-6145
was published
May 17, 2022
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking...
High
Unreviewed
CVE-2017-6529
was published
May 17, 2022
A remote authorization bypass vulnerability was discovered in Aruba ClearPass Policy Manager...
High
Unreviewed
CVE-2022-23669
was published
May 18, 2022
Prima Systems FlexAir devices have an Insufficient Session-ID Length.
High
Unreviewed
CVE-2019-7280
was published
May 24, 2022
Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an...
High
Unreviewed
CVE-2019-5638
was published
May 24, 2022
cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed...
High
Unreviewed
CVE-2019-17375
was published
May 24, 2022
An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. The...
High
Unreviewed
CVE-2020-24387
was published
May 24, 2022
Immuta v2.8.2 is affected by improper session management: user sessions are not revoked upon logout.
High
Unreviewed
CVE-2020-15950
was published
May 24, 2022
Microweber 1.1.18 is affected by insufficient session expiration. When changing passwords, both...
High
Unreviewed
CVE-2020-23140
was published
May 24, 2022
The REST/JSON project 7.x-1.x for Drupal allows session name guessing, aka SA-CONTRIB-2016-033....
High
Unreviewed
CVE-2016-20007
was published
May 24, 2022
Files.com Fat Client 3.3.6 allows authentication bypass because the client continues to have...
High
Unreviewed
CVE-2021-3183
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API