Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,070
Erlang
29
GitHub Actions
19
Go
1,891
Maven
5,000+
npm
3,628
NuGet
638
pip
3,240
Pub
10
RubyGems
858
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

281 advisories

Loading
Mattermost fails to check if an admin user account active after an oauth2 flow is started,... Moderate Unreviewed
CVE-2023-2788 was published Jun 16, 2023
IBM Security Guardium 11.5 could allow a user to take over another user's session due to... High Unreviewed
CVE-2023-0041 was published Jun 5, 2023
Jenkins WSO2 Oauth Plugin Session Fixation vulnerability High
CVE-2023-33005 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven) May 16, 2023
IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which... Moderate Unreviewed
CVE-2020-4914 was published May 5, 2023
IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obtain sensitive information... Moderate Unreviewed
CVE-2022-38707 was published May 5, 2023
An issue in the time-based authentication mechanism of Aigital Aigital Wireless-N Repeater... High Unreviewed
CVE-2023-30403 was published May 2, 2023
Concrete CMS missing secure cookie parameters Moderate
CVE-2023-28472 was published for concrete5/concrete5 (Composer) Apr 28, 2023
MarkLee131
A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker... High Unreviewed
CVE-2023-28003 was published Apr 18, 2023
In LemonLDAP::NG before 2.0.15. some sessions are not deleted when they are supposed to be... Moderate Unreviewed
CVE-2022-37186 was published Apr 16, 2023
Firefly III insufficiently expires sessions Moderate
CVE-2023-1788 was published for grumpydictator/firefly-iii (Composer) Apr 5, 2023
A vulnerability, which was classified as problematic, was found in SourceCodester Online Graduate... Critical Unreviewed
CVE-2023-1854 was published Apr 5, 2023
This disclosure regards a vulnerability related to UAA refresh tokens and external identity... Moderate Unreviewed
CVE-2023-20903 was published Mar 28, 2023
Rapid7 InsightVM suffers from insufficient session expiration when an administrator performs a... Moderate Unreviewed
CVE-2021-3844 was published Mar 24, 2023
Answer vulnerable to Insufficient Session Expiration High
CVE-2023-1543 was published for github.com/answerdev/answer (Go) Mar 21, 2023
IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user... Low Unreviewed
CVE-2023-22591 was published Mar 15, 2023
Insufficient Session Expiration in pretix High
CVE-2023-27891 was published for pretix (pip) Mar 7, 2023
An insufficient session expiration vulnerability exists in the ArubaOS command line interface.... Low Unreviewed
CVE-2023-22771 was published Mar 1, 2023
vantage6 refresh tokens do not expire High
CVE-2023-23929 was published for vantage6 (pip) Feb 28, 2023
Expired sessions were not securely terminated in the RestAPI for Tribe29's Checkmk <= 2.1.0p10... Critical Unreviewed
CVE-2022-48317 was published Feb 20, 2023
SupportAssist for Home PCs (versions 3.11.4 and prior) contain an insufficient session expiration... Moderate Unreviewed
CVE-2022-34392 was published Feb 11, 2023
Symfony vulnerable to Session Fixation of CSRF tokens Moderate
CVE-2022-24895 was published for symfony/security-bundle (Composer) Feb 1, 2023
nicolas-grekas lavish
Insufficient Session Expiration in Jenkins Azure AD Plugin High
CVE-2023-24426 was published for org.jenkins-ci.plugins:azure-ad (Maven) Jan 26, 2023
Shopware has Insufficient Session Expiration in Administration Low
CVE-2023-22732 was published for shopware/core (Composer) Jan 20, 2023
Pyload Insufficient Session Expiration vulnerability Moderate
CVE-2023-0227 was published for pyload-ng (pip) Jan 12, 2023
Zitadel RefreshToken invalidation vulnerability Moderate
CVE-2023-22492 was published for github.com/zitadel/zitadel (Go) Jan 11, 2023
sebastianbuechler
ProTip! Advisories are also available from the GraphQL API