Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,944
Erlang
29
GitHub Actions
16
Go
1,729
Maven
4,955
npm
3,489
NuGet
607
pip
3,058
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+

109 advisories

Reportico Web fails to invalidate cookies upon logout Moderate
CVE-2024-31556 was published for reportico-web/reportico (Composer) May 14, 2024
Directus Lacks Session Tokens Invalidation Moderate
CVE-2024-34709 was published for directus (npm) May 13, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which... Moderate Unreviewed
CVE-2023-40695 was published May 3, 2024
Keycloak vulnerable to session hijacking via re-authentication Moderate
CVE-2023-6787 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3... Moderate Unreviewed
CVE-2024-22358 was published Apr 12, 2024
zcap has incomplete expiration checks in capability chains. Moderate
CVE-2024-31995 was published for @digitalbazaar/zcap (npm) Apr 10, 2024
Contao: Remember-me tokens will not be cleared after a password change Moderate
CVE-2024-30262 was published for contao/core-bundle (Composer) Apr 9, 2024
bytehead
Shopware Improper Session Handling in store-api account logout Moderate
CVE-2024-31447 was published for shopware/core (Composer) Apr 8, 2024
mdanilowicz
Dell PowerScale OneFS, versions 9.5.0.x through 9.7.0.x, contain an insufficient session... Moderate Unreviewed
CVE-2024-25954 was published Mar 28, 2024
A CWE-613 “Insufficient Session Expiration” vulnerability in the web application, due to the... Moderate Unreviewed
CVE-2023-45600 was published Mar 5, 2024
Session Fixation Apache DolphinScheduler Moderate
CVE-2023-50270 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Feb 20, 2024
oscerd
Insufficient Session Expiration in github.com/greenpau/caddy-security Moderate
CVE-2024-21492 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in... Moderate Unreviewed
CVE-2024-0008 was published Feb 14, 2024
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session... Moderate Unreviewed
CVE-2023-45187 was published Feb 9, 2024
IBM PowerSC 1.3, 2.0, and 2.1 does not invalidate session after logout which could allow an... Moderate Unreviewed
CVE-2023-50936 was published Feb 2, 2024
A vulnerability, which was classified as problematic, was found in SourceCodester Engineers... Moderate Unreviewed
CVE-2024-0260 was published Jan 7, 2024
yt-dlp Generic Extractor MITM Vulnerability via Arbitrary Proxy Injection Moderate
CVE-2023-46121 was published for yt-dlp (pip) Nov 15, 2023
coletdjnz
Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Moderate Unreviewed
CVE-2023-5889 was published Nov 1, 2023
Insufficient session expiration in Elenos ETG150 FM Transmitter v3.12 allows attackers to... Moderate Unreviewed
CVE-2023-39695 was published Nov 1, 2023
Insufficient Session Expiration in GitHub repository linkstackorg/linkstack prior to v4.2.9. Moderate Unreviewed
CVE-2023-5838 was published Oct 29, 2023
HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate... Moderate Unreviewed
CVE-2023-37504 was published Oct 19, 2023
IBM Security Verify Privilege On-Premises 11.5 could allow a user to obtain sensitive... Moderate Unreviewed
CVE-2021-20581 was published Oct 17, 2023
@node-saml/node-saml's validatePostRequestAsync does not include checkTimestampsValidityError Moderate
CVE-2023-40178 was published for @node-saml/node-saml (npm) Aug 21, 2023
jindazhao01
Admidio Insufficient Session Expiration vulnerability Moderate
CVE-2023-4190 was published for admidio/admidio (Composer) Aug 6, 2023
Answer Insufficient Session Expiration vulnerability Moderate
CVE-2023-4126 was published for github.com/answerdev/answer (Go) Aug 3, 2023
ProTip! Advisories are also available from the GraphQL API