Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,945
Erlang
29
GitHub Actions
16
Go
1,731
Maven
4,961
npm
3,493
NuGet
607
pip
3,059
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+

260 advisories

Potential Session Hijacking Low
GHSA-h9q8-5gv2-v6mg was published for shopware/platform (Composer) Mar 12, 2021
Insufficient Session Expiration in Kiali High
CVE-2020-1762 was published for github.com/kiali/kiali (Go) May 18, 2021
Insufficient Session Expiration in @cyyynthia/tokenize High
GHSA-jcjx-c3j3-44pr was published for @cyyynthia/tokenize (npm) Nov 10, 2021
williamwa
Insufficient Session Expiration in Pterodactyl API Moderate
GHSA-7v3x-h7r2-34jv was published for pterodactyl/panel (Composer) Jan 21, 2022
EgoMaw
Shopware has Insufficient Session Expiration in Administration Low
CVE-2023-22732 was published for shopware/core (Composer) Jan 20, 2023
Zitadel RefreshToken invalidation vulnerability Moderate
CVE-2023-22492 was published for github.com/zitadel/zitadel (Go) Jan 11, 2023
sebastianbuechler
Insufficient Session Expiration in Sylius High
CVE-2022-24743 was published for sylius/sylius (Composer) Mar 14, 2022
Insufficient Session Expiration in Admidio High
CVE-2022-0991 was published for admidio/admidio (Composer) Mar 20, 2022
SurveyKing v0.2.0 was discovered to retain users' session cookies after logout, allowing... Moderate Unreviewed
CVE-2022-25590 was published Mar 26, 2022
Old sessions not blocked by login enable function in Snipe-IT High
CVE-2022-1155 was published for snipe/snipe-it (Composer) Mar 31, 2022
joelpittet
An issue was discovered in MantisBT before 2.24.5. It associates a unique cookie string with each... High Unreviewed
CVE-2009-20001 was published Apr 21, 2022
A vulnerability in the SIP inspection engine of Cisco Adaptive Security Appliance (ASA) Software... High Unreviewed
CVE-2021-1501 was published May 24, 2022
Session fixation and insufficient session expiration vulnerabilities allow an attacker to perfom... Critical Unreviewed
CVE-2021-46279 was published Oct 24, 2022
Insufficient Session Expiration in Jenkins High
CVE-2019-1003049 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Invalid session token expiration High
CVE-2021-32923 was published for github.com/hashicorp/vault (Go) Jun 8, 2021
BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration... Moderate Unreviewed
CVE-2022-30277 was published Jun 3, 2022
IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is vulnerable to broken access... High Unreviewed
CVE-2022-43844 was published Jan 5, 2023
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking... High Unreviewed
CVE-2017-6529 was published May 17, 2022
Insufficient Session Expiration in NocoDB High
CVE-2022-2064 was published for nocodb (npm) Jun 14, 2022
Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series... High Unreviewed
CVE-2021-1542 was published May 24, 2022
** DISPUTED ** A vulnerability has been found in Microsoft O365 and classified as critical. The... High Unreviewed
CVE-2022-2076 was published Jun 15, 2022
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout... Critical Unreviewed
CVE-2022-22318 was published Jun 21, 2022
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout... Critical Unreviewed
CVE-2022-22317 was published Jun 21, 2022
Insufficient Session Expiration in TYPO3's Admin Tool Moderate
CVE-2022-31050 was published for typo3/cms (Composer) Jun 17, 2022
waldhacker1 ohader
Insufficient Session Expiration in Nakama High
CVE-2022-2306 was published for github.com/heroiclabs/nakama (Go) Jul 6, 2022
ProTip! Advisories are also available from the GraphQL API