Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,324
Erlang
31
GitHub Actions
21
Go
2,087
Maven
5,000+
npm
3,751
NuGet
674
pip
3,437
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+

309 advisories

Loading
Shopware user session is not logged out if the password is reset via password recovery Low
CVE-2022-24744 was published for shopware/core (Composer) Mar 10, 2022
tdunlap607
Use of a Key Past its Expiration Date and Insufficient Session Expiration in Maddy Mail Server Moderate
CVE-2022-24732 was published for github.com/foxcpp/maddy (Go) Mar 7, 2022
ysf
IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an... Moderate Unreviewed
CVE-2021-38986 was published Mar 2, 2022
In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie. Moderate Unreviewed
CVE-2022-24332 was published Feb 26, 2022
In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't... High Unreviewed
CVE-2022-24341 was published Feb 26, 2022
In Ifme, versions 1.0.0 to v.7.33.2 don’t properly invalidate a user’s session even after the... Critical Unreviewed
CVE-2021-25992 was published Feb 11, 2022
Insufficient Session Expiration in Apache NiFi Registry Moderate
CVE-2020-9482 was published for org.apache.nifi.registry:nifi-registry-web-api (Maven) Feb 9, 2022
A CWE-614 Insufficient Session Expiration vulnerability exists that could allow an attacker to... Critical Unreviewed
CVE-2021-22820 was published Jan 29, 2022
Insufficient Session Expiration in Pterodactyl API Moderate
GHSA-7v3x-h7r2-34jv was published for pterodactyl/panel (Composer) Jan 21, 2022
EgoMaw
Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a session on the server-side... High Unreviewed
CVE-2021-37866 was published Jan 19, 2022
In DayByDay CRM, versions 2.2.0 through 2.2.1 (latest) are vulnerable to Insufficient Session... High Unreviewed
CVE-2022-22113 was published Jan 14, 2022
In Mattermost Focalboard, versions prior to v0.7.5, v0.8.4, v0.9.5, v0.10.1 and v0.11.0-rc1; as... Critical Unreviewed
CVE-2022-22122 was published Jan 14, 2022
Improper session management vulnerability in Samsung Health prior to 6.20.1.005 prevents logging... Low Unreviewed
CVE-2022-22283 was published Jan 11, 2022
Insufficient Session Expiration in shopware Low
CVE-2022-21652 was published for shopware/shopware (Composer) Jan 6, 2022
In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through... Critical Unreviewed
CVE-2021-25981 was published Jan 4, 2022
An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware... Critical Unreviewed
CVE-2021-35034 was published Dec 30, 2021
An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8... High Unreviewed
CVE-2021-45885 was published Dec 30, 2021
Mahavitaran android application 7.50 and prior are affected by account takeover due to improper... Critical Unreviewed
CVE-2020-27416 was published Dec 9, 2021
An insufficient session expiration vulnerability exists in Business-DNA Solutions GmbH’s TopEase®... Critical Unreviewed
CVE-2021-42545 was published Dec 1, 2021
Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration... Critical Unreviewed
CVE-2021-36330 was published Dec 1, 2021
Apostrophe CMS Insufficient Session Expiration vulnerability Critical
CVE-2021-25979 was published for apostrophe (npm) Nov 10, 2021
Insufficient Session Expiration in @cyyynthia/tokenize High
GHSA-jcjx-c3j3-44pr was published for @cyyynthia/tokenize (npm) Nov 10, 2021
williamwa
incomplete JupyterHub logout with simultaneous JupyterLab sessions Moderate
CVE-2021-41247 was published for jupyterhub (pip) Nov 8, 2021
fritterhoff
Insufficient Session Expiration and TOCTOU Race Condition in OPC FOundation UA .Net Standard Moderate
CVE-2020-8867 was published for OPCFoundation.NetStandard.Opc.Ua (NuGet) Aug 2, 2021
SessionListener can prevent a session from being invalidated breaking logout Low
CVE-2021-34428 was published for org.eclipse.jetty:jetty-server (Maven) Jun 23, 2021
rmannibucau stephenc
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database