Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,179
Erlang
31
GitHub Actions
19
Go
1,982
Maven
5,000+
npm
3,701
NuGet
656
pip
3,323
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

288 advisories

Loading
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account associated with a web... Critical Unreviewed
CVE-2021-40849 was published May 24, 2022
IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain sensitive information due to... Moderate Unreviewed
CVE-2021-29868 was published May 24, 2022
The vulnerability can be described as a failure to invalidate user session upon password change.... Moderate Unreviewed
CVE-2021-35214 was published May 24, 2022
IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session... Moderate Unreviewed
CVE-2021-20473 was published May 24, 2022
An insufficient session expiration vulnerability [CWE- 613] in FortiClientEMS versions 6.4.2 and... Critical Unreviewed
CVE-2021-24019 was published May 24, 2022
The IceHrm 30.0.0 OS website was found vulnerable to Session Management Issue. A signout from an... Critical Unreviewed
CVE-2021-38823 was published May 24, 2022
Laravel Booking System Booking Core 2.0 is vulnerable to Session Management. A password change at... Critical Unreviewed
CVE-2021-37333 was published May 24, 2022
An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may... Moderate Unreviewed
CVE-2020-29012 was published May 24, 2022
An insufficient session expiration vulnerability exists in the "Fish | Hunt FL" iOS app version 3... High Unreviewed
CVE-2021-33982 was published May 24, 2022
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to... High Unreviewed
CVE-2021-39113 was published May 24, 2022
The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in... High Unreviewed
CVE-2021-35342 was published May 24, 2022
Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor... High Unreviewed
CVE-2021-37156 was published May 24, 2022
IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 does not invalidate session after... Moderate Unreviewed
CVE-2021-20431 was published May 24, 2022
An issue was discovered in Joomla! 2.5.0 through 3.9.27. CMS functions did not properly termine... Moderate Unreviewed
CVE-2021-26037 was published May 24, 2022
IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invalidate session after logout... High Unreviewed
CVE-2021-20378 was published May 24, 2022
Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series... High Unreviewed
CVE-2021-1542 was published May 24, 2022
An issue has been discovered in GitLab affecting all versions starting from 12.9.0 before 13.10.5... Moderate Unreviewed
CVE-2021-22221 was published May 24, 2022
In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where... Low Unreviewed
CVE-2021-22136 was published May 24, 2022
A vulnerability in the SIP inspection engine of Cisco Adaptive Security Appliance (ASA) Software... High Unreviewed
CVE-2021-1501 was published May 24, 2022
A vulnerability was found in the Quay web application. Sessions in the Quay web application never... Moderate Unreviewed
CVE-2019-3867 was published May 24, 2022
DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On... Critical Unreviewed
CVE-2020-35358 was published May 24, 2022
SaltStack Salt eauth tokens can be used once after expiration Critical
CVE-2021-3144 was published for salt (pip) May 24, 2022
The Terminate Session feature in the Telegram application through 7.2.1 for Android, and through... Moderate Unreviewed
CVE-2021-27351 was published May 24, 2022
Magento Insufficient Session Expiration Moderate
CVE-2021-21031 was published for magento/community-edition (Composer) May 24, 2022
Magento Insufficient Session Expiration Moderate
CVE-2021-21032 was published for magento/community-edition (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database