GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,944
Erlang
29
GitHub Actions
16
Go
1,729
Maven
4,955
npm
3,489
NuGet
607
pip
3,058
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+
109 advisories
Filter by severity
Reportico Web fails to invalidate cookies upon logout
Moderate
CVE-2024-31556
was published
for
reportico-web/reportico
(Composer)
May 14, 2024
Directus Lacks Session Tokens Invalidation
Moderate
CVE-2024-34709
was published
for
directus
(npm)
May 13, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which...
Moderate
Unreviewed
CVE-2023-40695
was published
May 3, 2024
Keycloak vulnerable to session hijacking via re-authentication
Moderate
CVE-2023-6787
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3...
Moderate
Unreviewed
CVE-2024-22358
was published
Apr 12, 2024
zcap has incomplete expiration checks in capability chains.
Moderate
CVE-2024-31995
was published
for
@digitalbazaar/zcap
(npm)
Apr 10, 2024
Contao: Remember-me tokens will not be cleared after a password change
Moderate
CVE-2024-30262
was published
for
contao/core-bundle
(Composer)
Apr 9, 2024
Shopware Improper Session Handling in store-api account logout
Moderate
CVE-2024-31447
was published
for
shopware/core
(Composer)
Apr 8, 2024
Dell PowerScale OneFS, versions 9.5.0.x through 9.7.0.x, contain an insufficient session...
Moderate
Unreviewed
CVE-2024-25954
was published
Mar 28, 2024
A CWE-613 “Insufficient Session Expiration” vulnerability in the web application, due to the...
Moderate
Unreviewed
CVE-2023-45600
was published
Mar 5, 2024
Session Fixation Apache DolphinScheduler
Moderate
CVE-2023-50270
was published
for
org.apache.dolphinscheduler:dolphinscheduler
(Maven)
Feb 20, 2024
Insufficient Session Expiration in github.com/greenpau/caddy-security
Moderate
CVE-2024-21492
was published
for
github.com/greenpau/caddy-security
(Go)
Feb 17, 2024
Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in...
Moderate
Unreviewed
CVE-2024-0008
was published
Feb 14, 2024
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session...
Moderate
Unreviewed
CVE-2023-45187
was published
Feb 9, 2024
IBM PowerSC 1.3, 2.0, and 2.1 does not invalidate session after logout which could allow an...
Moderate
Unreviewed
CVE-2023-50936
was published
Feb 2, 2024
A vulnerability, which was classified as problematic, was found in SourceCodester Engineers...
Moderate
Unreviewed
CVE-2024-0260
was published
Jan 7, 2024
yt-dlp Generic Extractor MITM Vulnerability via Arbitrary Proxy Injection
Moderate
CVE-2023-46121
was published
for
yt-dlp
(pip)
Nov 15, 2023
Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
Moderate
Unreviewed
CVE-2023-5889
was published
Nov 1, 2023
Insufficient session expiration in Elenos ETG150 FM Transmitter v3.12 allows attackers to...
Moderate
Unreviewed
CVE-2023-39695
was published
Nov 1, 2023
Insufficient Session Expiration in GitHub repository linkstackorg/linkstack prior to v4.2.9.
Moderate
Unreviewed
CVE-2023-5838
was published
Oct 29, 2023
HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate...
Moderate
Unreviewed
CVE-2023-37504
was published
Oct 19, 2023
IBM Security Verify Privilege On-Premises 11.5 could allow a user to obtain sensitive...
Moderate
Unreviewed
CVE-2021-20581
was published
Oct 17, 2023
@node-saml/node-saml's validatePostRequestAsync does not include checkTimestampsValidityError
Moderate
CVE-2023-40178
was published
for
@node-saml/node-saml
(npm)
Aug 21, 2023
Admidio Insufficient Session Expiration vulnerability
Moderate
CVE-2023-4190
was published
for
admidio/admidio
(Composer)
Aug 6, 2023
Answer Insufficient Session Expiration vulnerability
Moderate
CVE-2023-4126
was published
for
github.com/answerdev/answer
(Go)
Aug 3, 2023
ProTip!
Advisories are also available from the
GraphQL API