GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
40 advisories
Filter by severity
An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1...
Critical
Unreviewed
CVE-2024-8888
was published
Sep 18, 2024
xzs-mysql 3.8 is vulnerable to Insufficient Session Expiration, which allows attackers to use the...
Critical
Unreviewed
CVE-2024-29401
was published
Mar 26, 2024
On versions before 2.1.4, session is not invalidated after logout. When the user logged in...
Critical
Unreviewed
CVE-2024-29070
was published
Jul 23, 2024
SurveyKing v1.3.1 was discovered to keep users' sessions active after logout. Related to an...
Critical
Unreviewed
CVE-2024-35049
was published
May 14, 2024
An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an...
Critical
Unreviewed
CVE-2023-28001
was published
Jul 11, 2023
In Siren Investigate before 13.2.2, session keys remain active even after logging out.
Critical
Unreviewed
CVE-2023-35857
was published
Jun 19, 2023
Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an...
Critical
Unreviewed
CVE-2019-11168
was published
May 24, 2022
Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions.
Critical
Unreviewed
CVE-2018-21018
was published
May 24, 2022
A vulnerability in Parsec Windows 142-0 and Parsec 'Linux Ubuntu 16.04 LTS Desktop' Build 142-1...
Critical
Unreviewed
CVE-2018-6634
was published
May 24, 2022
Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass...
Critical
Unreviewed
CVE-2014-2595
was published
May 17, 2022
IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than...
Critical
Unreviewed
CVE-2023-46158
was published
Oct 25, 2023
Fusiondirectory 1.3 suffers from Improper Session Handling.
Critical
Unreviewed
CVE-2022-36179
was published
Nov 22, 2022
A vulnerability, which was classified as problematic, was found in SourceCodester Online Graduate...
Critical
Unreviewed
CVE-2023-1854
was published
Apr 5, 2023
Expired sessions were not securely terminated in the RestAPI for Tribe29's Checkmk <= 2.1.0p10...
Critical
Unreviewed
CVE-2022-48317
was published
Feb 20, 2023
In Ifme, versions 1.0.0 to v.7.33.2 don’t properly invalidate a user’s session even after the...
Critical
Unreviewed
CVE-2021-25992
was published
Feb 11, 2022
A CWE-614 Insufficient Session Expiration vulnerability exists that could allow an attacker to...
Critical
Unreviewed
CVE-2021-22820
was published
Jan 29, 2022
In Mattermost Focalboard, versions prior to v0.7.5, v0.8.4, v0.9.5, v0.10.1 and v0.11.0-rc1; as...
Critical
Unreviewed
CVE-2022-22122
was published
Jan 14, 2022
In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through...
Critical
Unreviewed
CVE-2021-25981
was published
Jan 4, 2022
An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware...
Critical
Unreviewed
CVE-2021-35034
was published
Dec 30, 2021
Mahavitaran android application 7.50 and prior are affected by account takeover due to improper...
Critical
Unreviewed
CVE-2020-27416
was published
Dec 9, 2021
Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration...
Critical
Unreviewed
CVE-2021-36330
was published
Dec 1, 2021
An insufficient session expiration vulnerability exists in Business-DNA Solutions GmbH’s TopEase®...
Critical
Unreviewed
CVE-2021-42545
was published
Dec 1, 2021
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 ...
Critical
Unreviewed
CVE-2022-24042
was published
May 11, 2022
In Factor (App Framework & Headless CMS) v1.0.4 to v1.8.30, improperly invalidate a user’s...
Critical
Unreviewed
CVE-2021-25985
was published
May 24, 2022
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account associated with a web...
Critical
Unreviewed
CVE-2021-40849
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API