GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
309 advisories
Insufficient Session Expiration vulnerability in Drupal Persistent Login allows Forceful Browsing...
Critical | Unreviewed | CVE-2024-13280 was published Jan 9, 2025

Apache Airflow Fab Provider Insufficient Session Expiration vulnerability
Low | CVE-2024-45033 was published for apache-airflow-providers-fab (pip) Jan 8, 2025

: Insufficient Session Expiration vulnerability in Progress Sitefinity allows : Session Fixation...
Moderate | Unreviewed | CVE-2024-11627 was published Jan 7, 2025

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity...
High | Unreviewed | CVE-2025-22386 was published Jan 4, 2025

Missing session invalidation after user deletion. The following products are affected: Acronis...
Moderate | Unreviewed | CVE-2024-56413 was published Jan 2, 2025

In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles
Moderate | Unreviewed | CVE-2024-56351 was published Dec 20, 2024

TShock Security Escalation Exploit
High | GHSA-hvm9-wc8j-mgrc was published for TShock (NuGet) Dec 18, 2024

A vulnerability was found in InvoicePlane up to 1.6.1 and classified as problematic. Affected by...
Moderate | Unreviewed | CVE-2024-12667 was published Dec 16, 2024

In affected versions of Octopus Server OIDC cookies were using the wrong expiration time which...
Low | Unreviewed | CVE-2024-7998 was published Aug 21, 2024

An issue in Ateme Flamingo XL v.3.6.20 and XS v.3.6.5 allows a remote authenticated attacker to...
High | Unreviewed | CVE-2023-36252 was published Jun 26, 2023

An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 17.4.5, 17...
Moderate | Unreviewed | CVE-2024-11668 was published Nov 26, 2024

OpenStack Identity (Keystone) UUID v2 tokens does not expire with revocation events
High | CVE-2014-5252 was published for keystone (pip) May 17, 2022

OpenStack Identity (Keystone) Multiple vulnerabilities in revocation events
High | CVE-2014-5251 was published for keystone (pip) May 17, 2022

OpenStack Keystone Domain-scoped tokens don't get revoked
High | CVE-2014-5253 was published for keystone (pip) May 17, 2022

Mage AI incorrectly gives privileges to users with deleted accounts
Moderate | CVE-2024-45187 was published for mage-ai (pip) Aug 23, 2024

IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for...
Moderate | Unreviewed | CVE-2024-35160 was published Nov 23, 2024

An issue was discovered in LemonLDAP::NG before 2.0.12. There is a missing expiration check in...
Critical | Unreviewed | CVE-2021-35473 was published Nov 11, 2024

vantage6 refresh tokens do not expire
High | CVE-2023-23929 was published for vantage6 (pip) Feb 28, 2023

Apache Airflow Providers FAB Insufficient Session Expiration vulnerability
Low | CVE-2024-42447 was published for apache-airflow-providers-fab (pip) Aug 5, 2024

aiohttp-session creates non-expiring sessions
High | CVE-2018-1000814 was published for aiohttp-session (pip) Dec 20, 2018

Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin
High | CVE-2024-52553 was published for org.jenkins-ci.plugins:oic-auth (Maven) Nov 13, 2024

A vulnerability was found in Apereo CAS 6.6 and classified as problematic. Affected by this issue...
Moderate | Unreviewed | CVE-2024-11208 was published Nov 14, 2024

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected...
Moderate | Unreviewed | CVE-2024-46892 was published Nov 12, 2024

cskefu v7 suffers from Insufficient Session Expiration, which allows attackers to exploit the old...
Moderate | Unreviewed | CVE-2024-29402 was published Apr 17, 2024

IoT Haat Smart Plug IH-IN-16A-S IH-IN-16A-S v5.16.1 suffers from Insufficient Session Expiration....
Moderate | Unreviewed | CVE-2024-46040 was published Oct 7, 2024