GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,512
Composer 4,179
Erlang 31
GitHub Actions 19
Go 1,982
Maven 5,155
npm 3,701
NuGet 656
pip 3,323
Pub 11
RubyGems 882
Rust 834
Swift 35

Unreviewed advisories

All unreviewed 233,009

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

40 advisories

Filter by severity

Sort by

Least recently updated

Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration... Critical Unreviewed

CVE-2021-36330 was published Dec 1, 2021

An insufficient session expiration vulnerability exists in Business-DNA Solutions GmbH’s TopEase®... Critical Unreviewed

CVE-2021-42545 was published Dec 1, 2021

Mahavitaran android application 7.50 and prior are affected by account takeover due to improper... Critical Unreviewed

CVE-2020-27416 was published Dec 9, 2021

An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware... Critical Unreviewed

CVE-2021-35034 was published Dec 30, 2021

In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through... Critical Unreviewed

CVE-2021-25981 was published Jan 4, 2022

In Mattermost Focalboard, versions prior to v0.7.5, v0.8.4, v0.9.5, v0.10.1 and v0.11.0-rc1; as... Critical Unreviewed

CVE-2022-22122 was published Jan 14, 2022

A CWE-614 Insufficient Session Expiration vulnerability exists that could allow an attacker to... Critical Unreviewed

CVE-2021-22820 was published Jan 29, 2022

In Ifme, versions 1.0.0 to v.7.33.2 don’t properly invalidate a user’s session even after the... Critical Unreviewed

CVE-2021-25992 was published Feb 11, 2022

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 ... Critical Unreviewed

CVE-2022-24042 was published May 11, 2022

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are... Critical Unreviewed

CVE-2016-5069 was published May 17, 2022

Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass... Critical Unreviewed

CVE-2014-2595 was published May 17, 2022

A vulnerability in Parsec Windows 142-0 and Parsec 'Linux Ubuntu 16.04 LTS Desktop' Build 142-1... Critical Unreviewed

CVE-2018-6634 was published May 24, 2022

Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions. Critical Unreviewed

CVE-2018-21018 was published May 24, 2022

NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the... Critical Unreviewed

CVE-2016-11014 was published May 24, 2022

Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an... Critical Unreviewed

CVE-2019-11168 was published May 24, 2022

A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated... Critical Unreviewed

CVE-2020-27739 was published May 24, 2022

In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire... Critical Unreviewed

CVE-2020-27422 was published May 24, 2022

In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie... Critical Unreviewed

CVE-2020-29667 was published May 24, 2022

An insufficient session expiration vulnerability in FortiNet's FortiIsolator version 2.0.1 and... Critical Unreviewed

CVE-2020-6649 was published May 24, 2022

DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On... Critical Unreviewed

CVE-2020-35358 was published May 24, 2022

The IceHrm 30.0.0 OS website was found vulnerable to Session Management Issue. A signout from an... Critical Unreviewed

CVE-2021-38823 was published May 24, 2022

Laravel Booking System Booking Core 2.0 is vulnerable to Session Management. A password change at... Critical Unreviewed

CVE-2021-37333 was published May 24, 2022

An insufficient session expiration vulnerability [CWE- 613] in FortiClientEMS versions 6.4.2 and... Critical Unreviewed

CVE-2021-24019 was published May 24, 2022

In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account associated with a web... Critical Unreviewed

CVE-2021-40849 was published May 24, 2022

In Factor (App Framework & Headless CMS) v1.0.4 to v1.8.30, improperly invalidate a user’s... Critical Unreviewed

CVE-2021-25985 was published May 24, 2022

Previous 1 2 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

40 advisories