Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,945
Erlang
29
GitHub Actions
16
Go
1,730
Maven
4,961
npm
3,493
NuGet
607
pip
3,059
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+

46 advisories

IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than... Critical Unreviewed
CVE-2023-46158 was published Oct 25, 2023
An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an... Critical Unreviewed
CVE-2023-28001 was published Jul 11, 2023
Apache InLong Insufficient Session Expiration vulnerability Critical
CVE-2023-31065 was published for org.apache.inlong:manager-dao (Maven) Jul 6, 2023
In Siren Investigate before 13.2.2, session keys remain active even after logging out. Critical Unreviewed
CVE-2023-35857 was published Jun 19, 2023
A vulnerability, which was classified as problematic, was found in SourceCodester Online Graduate... Critical Unreviewed
CVE-2023-1854 was published Apr 5, 2023
Expired sessions were not securely terminated in the RestAPI for Tribe29's Checkmk <= 2.1.0p10... Critical Unreviewed
CVE-2022-48317 was published Feb 20, 2023
TYPO3 vulnerable to Insufficient Session Expiration Critical
CVE-2022-47406 was published for derhansen/fe_change_pwd (Composer) Dec 14, 2022
Fusiondirectory 1.3 suffers from Improper Session Handling. Critical Unreviewed
CVE-2022-36179 was published Nov 22, 2022
Insufficient Session Expiration in librenms/librenms Critical
CVE-2022-4070 was published for librenms/librenms (Composer) Nov 20, 2022
rdiffweb vulnerable to Insufficient Session Expiration Critical
CVE-2022-3362 was published for rdiffweb (pip) Nov 15, 2022
In affected versions of Octopus Server it is possible for a session token to be valid... Critical Unreviewed
CVE-2022-2782 was published Oct 27, 2022
Session fixation and insufficient session expiration vulnerabilities allow an attacker to perfom... Critical Unreviewed
CVE-2021-46279 was published Oct 24, 2022
Cockpit before 2.2.0 vulnerable to Insufficient Session Expiration Critical
CVE-2022-2713 was published for aheinze/cockpit (Composer) Aug 9, 2022
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x... Critical Unreviewed
CVE-2022-35728 was published Aug 5, 2022
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout... Critical Unreviewed
CVE-2022-22318 was published Jun 21, 2022
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout... Critical Unreviewed
CVE-2022-22317 was published Jun 21, 2022
In Factor (App Framework & Headless CMS) v1.0.4 to v1.8.30, improperly invalidate a user’s... Critical Unreviewed
CVE-2021-25985 was published May 24, 2022
Token leases could outlive their TTL in HashiCorp Vault Critical
CVE-2020-25816 was published for github.com/hashicorp/vault (Go) May 24, 2022
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account associated with a web... Critical Unreviewed
CVE-2021-40849 was published May 24, 2022
An insufficient session expiration vulnerability [CWE- 613] in FortiClientEMS versions 6.4.2 and... Critical Unreviewed
CVE-2021-24019 was published May 24, 2022
The IceHrm 30.0.0 OS website was found vulnerable to Session Management Issue. A signout from an... Critical Unreviewed
CVE-2021-38823 was published May 24, 2022
Laravel Booking System Booking Core 2.0 is vulnerable to Session Management. A password change at... Critical Unreviewed
CVE-2021-37333 was published May 24, 2022
DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On... Critical Unreviewed
CVE-2020-35358 was published May 24, 2022
SaltStack Salt eauth tokens can be used once after expiration Critical
CVE-2021-3144 was published for salt (pip) May 24, 2022
An insufficient session expiration vulnerability in FortiNet's FortiIsolator version 2.0.1 and... Critical Unreviewed
CVE-2020-6649 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API