GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
282 advisories
Filter by severity
An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1...
Critical
Unreviewed
CVE-2024-8888
was published
Sep 18, 2024
Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an...
High
Unreviewed
CVE-2019-5638
was published
May 24, 2022
IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which...
Moderate
Unreviewed
CVE-2024-38315
was published
Sep 16, 2024
Apache Airflow may allow authenticated users who have been deactivated to continue using the UI or API
High
CVE-2022-41672
was published
for
apache-airflow
(pip)
Oct 7, 2022
A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2)....
Moderate
Unreviewed
CVE-2024-32006
was published
Sep 10, 2024
One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to...
High
Unreviewed
CVE-2023-51772
was published
Dec 25, 2023
An access control issue in Wvp GB28181 Pro 2.0 allows users to continue to access information in...
Moderate
Unreviewed
CVE-2024-36523
was published
Jun 12, 2024
aiohttp-session creates non-expiring sessions
Moderate
CVE-2018-1000814
was published
for
aiohttp-session
(pip)
Dec 20, 2018
@fastify/session reuses destroyed session cookie
High
CVE-2024-35220
was published
for
@fastify/session
(npm)
May 21, 2024
An issue was discovered in Linksys Router E1700 1.0.04 (build 3), allows authenticated attackers...
Moderate
Unreviewed
CVE-2024-22543
was published
Feb 27, 2024
The Central Manager user session refresh token does not expire when a user logs out. Note:...
High
Unreviewed
CVE-2024-39809
was published
Aug 14, 2024
An insufficient session expiration vulnerability [CWE-613] vulnerability in FortiOS 7.2.5 and...
Low
Unreviewed
CVE-2022-45862
was published
Aug 13, 2024
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10...
Moderate
Unreviewed
CVE-2022-38382
was published
Aug 13, 2024
Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider
High
CVE-2023-22650
was published
for
github.com/rancher/rancher
(Go)
Jun 17, 2024
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions ...
High
Unreviewed
CVE-2024-35206
was published
Jun 11, 2024
xzs-mysql 3.8 is vulnerable to Insufficient Session Expiration, which allows attackers to use the...
Critical
Unreviewed
CVE-2024-29401
was published
Mar 26, 2024
Apache Airflow Providers FAB Insufficient Session Expiration vulnerability
Moderate
CVE-2024-42447
was published
for
apache-airflow-providers-fab
(pip)
Aug 5, 2024
On versions before 2.1.4, session is not invalidated after logout. When the user logged in...
Critical
Unreviewed
CVE-2024-29070
was published
Jul 23, 2024
zenml-io/zenml does not expire the session after password reset
Low
CVE-2024-4680
was published
for
zenml
(pip)
Jun 8, 2024
IBM Aspera Orchestrator 4.0.1 does not invalidate session after a password change which could...
Moderate
Unreviewed
CVE-2023-26288
was published
Jul 30, 2024
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses...
Moderate
Unreviewed
CVE-2022-32759
was published
Jul 25, 2024
In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or...
High
Unreviewed
CVE-2024-41827
was published
Jul 22, 2024
Multiple insufficient session expiration vulnerabilities [CWE-613] in FortiAIOps version 2.0.0...
High
Unreviewed
CVE-2024-27782
was published
Jul 9, 2024
KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1...
High
Unreviewed
CVE-2024-36041
was published
Jul 5, 2024
Reportico Web fails to invalidate cookies upon logout
Moderate
CVE-2024-31556
was published
for
reportico-web/reportico
(Composer)
May 14, 2024
ProTip!
Advisories are also available from the
GraphQL API