GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
61 advisories
An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8...
High | Unreviewed | CVE-2021-45885 was published Dec 30, 2021
In DayByDay CRM, versions 2.2.0 through 2.2.1 (latest) are vulnerable to Insufficient Session...
High | Unreviewed | CVE-2022-22113 was published Jan 14, 2022
Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a session on the server-side...
High | Unreviewed | CVE-2021-37866 was published Jan 19, 2022
In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't...
High | Unreviewed | CVE-2022-24341 was published Feb 26, 2022
A vulnerability was found in the 389 Directory Server that allows expired passwords to access the...
High | Unreviewed | CVE-2022-0996 was published Mar 24, 2022
An issue was discovered in MantisBT before 2.24.5. It associates a unique cookie string with each...
High | Unreviewed | CVE-2009-20001 was published Apr 21, 2022
Shopizer versions 2.3.0 to 3.0.1 are vulnerable to Insufficient Session Expiration. When a...
High | Unreviewed | CVE-2022-23063 was published May 4, 2022
An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK...
High | Unreviewed | CVE-2016-8712 was published May 13, 2022
On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not...
High | Unreviewed | CVE-2018-10990 was published May 13, 2022
A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an...
High | Unreviewed | CVE-2018-0152 was published May 13, 2022
A flaw was found in the CloudForms account configuration when using VMware. By default, a shared...
High | Unreviewed | CVE-2017-12191 was published May 13, 2022
OpenProject before 6.1.6 and 7.x before 7.0.3 mishandles session expiry, which allows remote...
High | Unreviewed | CVE-2017-11667 was published May 13, 2022
In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf...
High | Unreviewed | CVE-2018-1195 was published May 13, 2022
Improper administrator IP validation after his login in the HTTPd server in all current versions ...
High | Unreviewed | CVE-2017-15653 was published May 14, 2022
iControl REST in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and...
High | Unreviewed | CVE-2017-6145 was published May 17, 2022
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking...
High | Unreviewed | CVE-2017-6529 was published May 17, 2022
A remote authorization bypass vulnerability was discovered in Aruba ClearPass Policy Manager...
High | Unreviewed | CVE-2022-23669 was published May 18, 2022
Prima Systems FlexAir devices have an Insufficient Session-ID Length.
High | Unreviewed | CVE-2019-7280 was published May 24, 2022
Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an...
High | Unreviewed | CVE-2019-5638 was published May 24, 2022
cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed...
High | Unreviewed | CVE-2019-17375 was published May 24, 2022
An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. The...
High | Unreviewed | CVE-2020-24387 was published May 24, 2022
Immuta v2.8.2 is affected by improper session management: user sessions are not revoked upon logout.
High | Unreviewed | CVE-2020-15950 was published May 24, 2022
Microweber 1.1.18 is affected by insufficient session expiration. When changing passwords, both...
High | Unreviewed | CVE-2020-23140 was published May 24, 2022
The REST/JSON project 7.x-1.x for Drupal allows session name guessing, aka SA-CONTRIB-2016-033....
High | Unreviewed | CVE-2016-20007 was published May 24, 2022
Files.com Fat Client 3.3.6 allows authentication bypass because the client continues to have...
High | Unreviewed | CVE-2021-3183 was published May 24, 2022