GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
125 advisories
Filter by severity
aiohttp-session creates non-expiring sessions
Moderate
CVE-2018-1000814
was published
for
aiohttp-session
(pip)
Dec 20, 2018
Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19
Moderate
CVE-2021-31408
was published
for
com.vaadin:vaadin-bom
(Maven)
Apr 22, 2021
Insufficient Session Expiration and TOCTOU Race Condition in OPC FOundation UA .Net Standard
Moderate
CVE-2020-8867
was published
for
OPCFoundation.NetStandard.Opc.Ua
(NuGet)
Aug 2, 2021
incomplete JupyterHub logout with simultaneous JupyterLab sessions
Moderate
CVE-2021-41247
was published
for
jupyterhub
(pip)
Nov 8, 2021
Insufficient Session Expiration in Pterodactyl API
Moderate
GHSA-7v3x-h7r2-34jv
was published
for
pterodactyl/panel
(Composer)
Jan 21, 2022
Insufficient Session Expiration in Apache NiFi Registry
Moderate
CVE-2020-9482
was published
for
org.apache.nifi.registry:nifi-registry-web-api
(Maven)
Feb 9, 2022
In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie.
Moderate
Unreviewed
CVE-2022-24332
was published
Feb 26, 2022
IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an...
Moderate
Unreviewed
CVE-2021-38986
was published
Mar 2, 2022
Use of a Key Past its Expiration Date and Insufficient Session Expiration in Maddy Mail Server
Moderate
CVE-2022-24732
was published
for
github.com/foxcpp/maddy
(Go)
Mar 7, 2022
SurveyKing v0.2.0 was discovered to retain users' session cookies after logout, allowing...
Moderate
Unreviewed
CVE-2022-25590
was published
Mar 26, 2022
nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key...
Moderate
Unreviewed
CVE-2014-3616
was published
May 13, 2022
A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish...
Moderate
Unreviewed
CVE-2019-0015
was published
May 13, 2022
XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS...
Moderate
Unreviewed
CVE-2018-2451
was published
May 13, 2022
Exploitation of session variables, resource IDs and other trusted credentials vulnerability in...
Moderate
Unreviewed
CVE-2017-3966
was published
May 13, 2022
The Milwaukee ONE-KEY Android mobile application uses bearer tokens with an expiration of one...
Moderate
Unreviewed
CVE-2017-3215
was published
May 13, 2022
An Insufficient Session Expiration issue was discovered in ProMinent MultiFLEX M10a Controller...
Moderate
Unreviewed
CVE-2017-14007
was published
May 13, 2022
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to...
Moderate
Unreviewed
CVE-2017-1000131
was published
May 13, 2022
SimpleSAMLphp Invalid token creation and validation
Moderate
CVE-2017-12867
was published
for
simplesamlphp/simplesamlphp
(Composer)
May 13, 2022
Symfony DoS
Moderate
CVE-2018-11386
was published
for
symfony/http-foundation
(Composer)
May 14, 2022
A denial of service vulnerability exists in Schneider Electric's MiCOM Px4x (P540 range excluded)...
Moderate
Unreviewed
CVE-2018-7758
was published
May 14, 2022
Philips ISCV application prior to version 2.3.0 has an insufficient session expiration...
Moderate
Unreviewed
CVE-2018-5438
was published
May 14, 2022
IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session id to...
Moderate
Unreviewed
CVE-2017-1693
was published
May 14, 2022
Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are...
Moderate
Unreviewed
CVE-2017-1000136
was published
May 17, 2022
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are...
Moderate
Unreviewed
CVE-2017-1000135
was published
May 17, 2022
IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2...
Moderate
Unreviewed
CVE-2019-4072
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API