Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,324
Erlang
31
GitHub Actions
21
Go
2,087
Maven
5,000+
npm
3,751
NuGet
674
pip
3,437
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+

309 advisories

Loading
OpenVPN Access Server older than version 2.8.4 generates new user authentication tokens instead... Moderate Unreviewed
CVE-2020-15074 was published May 24, 2022
A vulnerability in how Cisco Firepower Threat Defense (FTD) Software handles session timeouts for... Moderate Unreviewed
CVE-2020-3188 was published May 24, 2022
In affected versions of Octopus Server it was identified that a session cookie could be used as... Moderate Unreviewed
CVE-2022-2783 was published Oct 6, 2022
NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the... Critical Unreviewed
CVE-2016-11014 was published May 24, 2022
Pyload Insufficient Session Expiration vulnerability Moderate
CVE-2023-0227 was published for pyload-ng (pip) Jan 12, 2023
A remote authorization bypass vulnerability was discovered in Aruba ClearPass Policy Manager... High Unreviewed
CVE-2022-23669 was published May 18, 2022
Mealie1.0.0beta3 does not terminate download tokens after a user logs out, allowing attackers to... Moderate Unreviewed
CVE-2022-34624 was published Aug 20, 2022
A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S ... High Unreviewed
CVE-2022-33137 was published Jul 13, 2022
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are... Critical Unreviewed
CVE-2016-5069 was published May 17, 2022
Insufficient Session Expiration in Nakama High
CVE-2022-2306 was published for github.com/heroiclabs/nakama (Go) Jul 6, 2022
Insufficient Session Expiration in TYPO3's Admin Tool Moderate
CVE-2022-31050 was published for typo3/cms (Composer) Jun 17, 2022
waldhacker1 ohader
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout... Critical Unreviewed
CVE-2022-22318 was published Jun 21, 2022
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout... Critical Unreviewed
CVE-2022-22317 was published Jun 21, 2022
** DISPUTED ** A vulnerability has been found in Microsoft O365 and classified as critical. The... High Unreviewed
CVE-2022-2076 was published Jun 15, 2022
Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series... High Unreviewed
CVE-2021-1542 was published May 24, 2022
Insufficient Session Expiration in NocoDB High
CVE-2022-2064 was published for nocodb (npm) Jun 14, 2022
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking... High Unreviewed
CVE-2017-6529 was published May 17, 2022
IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is vulnerable to broken access... High Unreviewed
CVE-2022-43844 was published Jan 5, 2023
BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration... Moderate Unreviewed
CVE-2022-30277 was published Jun 3, 2022
Invalid session token expiration High
CVE-2021-32923 was published for github.com/hashicorp/vault (Go) Jun 8, 2021
Insufficient Session Expiration in Jenkins High
CVE-2019-1003049 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Session fixation and insufficient session expiration vulnerabilities allow an attacker to perfom... Critical Unreviewed
CVE-2021-46279 was published Oct 24, 2022
A vulnerability in the SIP inspection engine of Cisco Adaptive Security Appliance (ASA) Software... High Unreviewed
CVE-2021-1501 was published May 24, 2022
An issue was discovered in MantisBT before 2.24.5. It associates a unique cookie string with each... High Unreviewed
CVE-2009-20001 was published Apr 21, 2022
Old sessions not blocked by login enable function in Snipe-IT High
CVE-2022-1155 was published for snipe/snipe-it (Composer) Mar 31, 2022
joelpittet
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database