Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,179
Erlang
31
GitHub Actions
19
Go
1,982
Maven
5,000+
npm
3,701
NuGet
656
pip
3,323
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

90 advisories

Loading
rdiffweb vulnerable to Insufficient Session Expiration High
CVE-2022-3362 was published for rdiffweb (pip) Nov 15, 2022
Insufficient Session Expiration in pretix High
CVE-2023-27891 was published for pretix (pip) Mar 7, 2023
Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider High
CVE-2023-22650 was published for github.com/rancher/rancher (Go) Jun 17, 2024
An issue in sbondCo Watcharr v.1.43.0 allows a remote attacker to execute arbitrary code and... High Unreviewed
CVE-2024-48827 was published Oct 11, 2024
Insufficient Session Expiration in OpenStack Keystone High
CVE-2020-12690 was published for keystone (pip) Jun 9, 2021
Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an... High Unreviewed
CVE-2019-5638 was published May 24, 2022
Apache Airflow may allow authenticated users who have been deactivated to continue using the UI or API High
CVE-2022-41672 was published for apache-airflow (pip) Oct 7, 2022
sunSUNQ
One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to... High Unreviewed
CVE-2023-51772 was published Dec 25, 2023
@fastify/session reuses destroyed session cookie High
CVE-2024-35220 was published for @fastify/session (npm) May 21, 2024
kaanoz1
The Central Manager user session refresh token does not expire when a user logs out.  Note:... High Unreviewed
CVE-2024-39809 was published Aug 14, 2024
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions ... High Unreviewed
CVE-2024-35206 was published Jun 11, 2024
In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or... High Unreviewed
CVE-2024-41827 was published Jul 22, 2024
Multiple insufficient session expiration vulnerabilities [CWE-613] in FortiAIOps version 2.0.0... High Unreviewed
CVE-2024-27782 was published Jul 9, 2024
KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1... High Unreviewed
CVE-2024-36041 was published Jul 5, 2024
An issue in SurveyKing v1.3.1 allows attackers to escalate privileges via re-using the session ID... High Unreviewed
CVE-2024-35050 was published May 14, 2024
By sending specific queries to the resolver, an attacker can cause named to crash. High Unreviewed
CVE-2022-3080 was published Sep 22, 2022
The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The... High Unreviewed
CVE-2024-5995 was published Jun 14, 2024
zfr authentication adapter did not verify validity of tokens High
GHSA-rcm4-jv5g-wccm was published for zfr/zfr-oauth2-server-module (Composer) Jun 7, 2024
@fastify/secure-session: Reuse of destroyed secure session cookie High
CVE-2024-31999 was published for @fastify/secure-session (npm) Apr 10, 2024
AdamKorcz mcollina
arthurscchan
An arithmetic overflow flaw was found in Satellite when creating a new personal access token.... High Unreviewed
CVE-2023-4320 was published Dec 30, 2023
A insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows... High Unreviewed
CVE-2023-33303 was published Oct 13, 2023
When a non-admin user has been assigned an administrator role via an iControl REST PUT request... High Unreviewed
CVE-2023-42768 was published Oct 10, 2023
An authenticated user's session cookie may remain valid for a limited time after logging out... High Unreviewed
CVE-2023-40537 was published Oct 10, 2023
This vulnerability exists in ESDS Emagic Data Center Management Suit due to non-expiry of session... High Unreviewed
CVE-2023-37570 was published Aug 8, 2023
IBM Security Guardium 11.5 could allow a user to take over another user's session due to... High Unreviewed
CVE-2023-0041 was published Jun 5, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database