Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,268
Erlang
31
GitHub Actions
21
Go
2,043
Maven
5,000+
npm
3,736
NuGet
663
pip
3,414
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+

303 advisories

Loading
An authenticated user's session cookie may remain valid for a limited time after logging out... High Unreviewed
CVE-2023-40537 was published Oct 10, 2023
When a non-admin user has been assigned an administrator role via an iControl REST PUT request... High Unreviewed
CVE-2023-42768 was published Oct 10, 2023
A insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows... High Unreviewed
CVE-2023-33303 was published Oct 13, 2023
HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate... Moderate Unreviewed
CVE-2023-37504 was published Oct 19, 2023
Shopware Improper Session Handling in store-api account logout Moderate
CVE-2024-31447 was published for shopware/core (Composer) Apr 8, 2024
mdanilowicz
Contao: Remember-me tokens will not be cleared after a password change Moderate
CVE-2024-30262 was published for contao/core-bundle (Composer) Apr 9, 2024
bytehead
A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. It has been classified as... Low Unreviewed
CVE-2024-0942 was published Jan 26, 2024
IBM Security Verify Privilege On-Premises 11.5 could allow a user to obtain sensitive... Moderate Unreviewed
CVE-2021-20581 was published Oct 17, 2023
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3... Moderate Unreviewed
CVE-2024-22358 was published Apr 12, 2024
zcap has incomplete expiration checks in capability chains. Moderate
CVE-2024-31995 was published for @digitalbazaar/zcap (npm) Apr 10, 2024
Keycloak Insufficient Session Expiry Moderate
CVE-2020-1724 was published for org.keycloak:keycloak-core (Maven) May 24, 2022
An arithmetic overflow flaw was found in Satellite when creating a new personal access token.... High Unreviewed
CVE-2023-4320 was published Dec 30, 2023
SimpleSAMLphp Invalid token creation and validation Moderate
CVE-2017-12867 was published for simplesamlphp/simplesamlphp (Composer) May 13, 2022
Keycloak vulnerable to session hijacking via re-authentication Moderate
CVE-2023-6787 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which... Moderate Unreviewed
CVE-2023-40695 was published May 3, 2024
Directus Lacks Session Tokens Invalidation Moderate
CVE-2024-34709 was published for directus (npm) May 13, 2024
@fastify/secure-session: Reuse of destroyed secure session cookie High
CVE-2024-31999 was published for @fastify/secure-session (npm) Apr 10, 2024
AdamKorcz mcollina
arthurscchan
silverstripe/framework's pre-existing alc_enc cookies log users in if remember me is disabled Low
GHSA-5r8w-66hq-rc39 was published for silverstripe/framework (Composer) May 27, 2024
zfr authentication adapter did not verify validity of tokens High
GHSA-rcm4-jv5g-wccm was published for zfr/zfr-oauth2-server-module (Composer) Jun 7, 2024
The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The... High Unreviewed
CVE-2024-5995 was published Jun 14, 2024
By sending specific queries to the resolver, an attacker can cause named to crash. High Unreviewed
CVE-2022-3080 was published Sep 22, 2022
SurveyKing v1.3.1 was discovered to keep users' sessions active after logout. Related to an... Critical Unreviewed
CVE-2024-35049 was published May 14, 2024
An issue in SurveyKing v1.3.1 allows attackers to execute a session replay attack after a user... Moderate Unreviewed
CVE-2024-35048 was published May 14, 2024
An issue in SurveyKing v1.3.1 allows attackers to escalate privileges via re-using the session ID... High Unreviewed
CVE-2024-35050 was published May 14, 2024
Reportico Web fails to invalidate cookies upon logout Moderate
CVE-2024-31556 was published for reportico-web/reportico (Composer) May 14, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database