Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,179
Erlang
31
GitHub Actions
19
Go
1,982
Maven
5,000+
npm
3,701
NuGet
656
pip
3,323
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

29 advisories

Loading
rdiffweb vulnerable to Insufficient Session Expiration High
CVE-2022-3362 was published for rdiffweb (pip) Nov 15, 2022
Insufficient Session Expiration in pretix High
CVE-2023-27891 was published for pretix (pip) Mar 7, 2023
Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider High
CVE-2023-22650 was published for github.com/rancher/rancher (Go) Jun 17, 2024
Insufficient Session Expiration in OpenStack Keystone High
CVE-2020-12690 was published for keystone (pip) Jun 9, 2021
Apache Airflow may allow authenticated users who have been deactivated to continue using the UI or API High
CVE-2022-41672 was published for apache-airflow (pip) Oct 7, 2022
sunSUNQ
@fastify/session reuses destroyed session cookie High
CVE-2024-35220 was published for @fastify/session (npm) May 21, 2024
kaanoz1
zfr authentication adapter did not verify validity of tokens High
GHSA-rcm4-jv5g-wccm was published for zfr/zfr-oauth2-server-module (Composer) Jun 7, 2024
@fastify/secure-session: Reuse of destroyed secure session cookie High
CVE-2024-31999 was published for @fastify/secure-session (npm) Apr 10, 2024
AdamKorcz mcollina
arthurscchan
Insufficient Session Expiration in thorsten/phpmyfaq High
CVE-2023-5865 was published for thorsten/phpmyfaq (Composer) Oct 31, 2023
Jenkins WSO2 Oauth Plugin Session Fixation vulnerability High
CVE-2023-33005 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven) May 16, 2023
Insufficient Session Expiration after a password change High
CVE-2023-38489 was published for getkirby/cms (Composer) Jul 28, 2023
5hank4r
Argo CD web terminal session doesn't expire High
CVE-2023-40025 was published for github.com/argoproj/argo-cd (Go) Aug 23, 2023
zhlu32
Apache NiFi user log out issue High
CVE-2019-12421 was published for org.apache.nifi:nifi-web-api (Maven) Dec 2, 2019
Keycloak CSRF Vulnerability High
CVE-2017-12159 was published for org.keycloak:keycloak-parent (Maven) May 13, 2022
Keycloak insufficient session expiration High
CVE-2021-3461 was published for org.keycloak:keycloak-parent (Maven) Apr 3, 2022
Ensure that doorkeeper_token is valid when authenticating requests in API v2 calls High
CVE-2020-15269 was published for spree (RubyGems) Oct 20, 2020
Morantron
Answer vulnerable to Insufficient Session Expiration High
CVE-2023-1543 was published for github.com/answerdev/answer (Go) Mar 21, 2023
vantage6 refresh tokens do not expire High
CVE-2023-23929 was published for vantage6 (pip) Feb 28, 2023
Camaleon CMS Insufficient Session Expiration vulnerability High
CVE-2021-25970 was published for camaleon_cms (RubyGems) May 24, 2022
Insufficient Session Expiration in Jenkins Azure AD Plugin High
CVE-2023-24426 was published for org.jenkins-ci.plugins:azure-ad (Maven) Jan 26, 2023
Insufficient Session Expiration in Nakama High
CVE-2022-2306 was published for github.com/heroiclabs/nakama (Go) Jul 6, 2022
Insufficient Session Expiration in NocoDB High
CVE-2022-2064 was published for nocodb (npm) Jun 14, 2022
Invalid session token expiration High
CVE-2021-32923 was published for github.com/hashicorp/vault (Go) Jun 8, 2021
Insufficient Session Expiration in Jenkins High
CVE-2019-1003049 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Old sessions not blocked by login enable function in Snipe-IT High
CVE-2022-1155 was published for snipe/snipe-it (Composer) Mar 31, 2022
joelpittet
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database