Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

289 advisories

Loading
IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2... Moderate Unreviewed
CVE-2019-4072 was published May 24, 2022
The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x... Moderate Unreviewed
CVE-2019-3790 was published May 24, 2022
Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries... Moderate Unreviewed
CVE-2019-7215 was published May 24, 2022
Prima Systems FlexAir devices have an Insufficient Session-ID Length. High Unreviewed
CVE-2019-7280 was published May 24, 2022
After user deletion in MongoDB Server the improper invalidation of authorization sessions allows... Moderate Unreviewed
CVE-2019-2386 was published May 24, 2022
Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an... High Unreviewed
CVE-2019-5638 was published May 24, 2022
An issue was discovered in eteams OA v4.0.34. Because the session is not strictly checked, the... Moderate Unreviewed
CVE-2019-16133 was published May 24, 2022
A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache... Moderate Unreviewed
CVE-2019-14826 was published May 24, 2022
Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions. Critical Unreviewed
CVE-2018-21018 was published May 24, 2022
cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed... High Unreviewed
CVE-2019-17375 was published May 24, 2022
NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the... Critical Unreviewed
CVE-2016-11014 was published May 24, 2022
Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an... Critical Unreviewed
CVE-2019-11168 was published May 24, 2022
SAP Enable Now, before version 1908, does not invalidate session tokens in a timely manner. The... Low Unreviewed
CVE-2020-6197 was published May 24, 2022
SAP Enable Now, before version 1911, sends the Session ID cookie value in URL. This might be... Moderate Unreviewed
CVE-2020-6178 was published May 24, 2022
A vulnerability in how Cisco Firepower Threat Defense (FTD) Software handles session timeouts for... Moderate Unreviewed
CVE-2020-3188 was published May 24, 2022
Keycloak Insufficient Session Expiry Moderate
CVE-2020-1724 was published for org.keycloak:keycloak-core (Maven) May 24, 2022
OpenVPN Access Server older than version 2.8.4 generates new user authentication tokens instead... Moderate Unreviewed
CVE-2020-15074 was published May 24, 2022
When an agent user is renamed or set to invalid the session belonging to the user is keept active... Moderate Unreviewed
CVE-2020-1776 was published May 24, 2022
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The... Moderate Unreviewed
CVE-2020-13299 was published May 24, 2022
An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. Because of implicitly remembered... Moderate Unreviewed
CVE-2020-15774 was published May 24, 2022
OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Curam... Moderate Unreviewed
CVE-2020-4780 was published May 24, 2022
IBM Security Access Manager Appliance 9.0.7 does not invalidate session after logout which could... Moderate Unreviewed
CVE-2020-4395 was published May 24, 2022
The system console configuration option 'log-out-on-disconnect' In Juniper Networks Junos OS... Moderate Unreviewed
CVE-2020-1666 was published May 24, 2022
An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. The... High Unreviewed
CVE-2020-24387 was published May 24, 2022
CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers to discover internal... Moderate Unreviewed
CVE-2020-25374 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database