GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,892
Composer 4,266
Erlang 31
GitHub Actions 21
Go 2,041
Maven 5,224
npm 3,733
NuGet 662
pip 3,414
Pub 12
RubyGems 891
Rust 866
Swift 36

Unreviewed advisories

All unreviewed 238,102

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

302 advisories

Filter by severity

Sort by

Least recently updated

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are... Critical Unreviewed

CVE-2016-5069 was published May 17, 2022

A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S ... High Unreviewed

CVE-2022-33137 was published Jul 13, 2022

Mealie1.0.0beta3 does not terminate download tokens after a user logs out, allowing attackers to... Moderate Unreviewed

CVE-2022-34624 was published Aug 20, 2022

A remote authorization bypass vulnerability was discovered in Aruba ClearPass Policy Manager... High Unreviewed

CVE-2022-23669 was published May 18, 2022

Pyload Insufficient Session Expiration vulnerability Moderate

CVE-2023-0227 was published for pyload-ng (pip) Jan 12, 2023

NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the... Critical Unreviewed

CVE-2016-11014 was published May 24, 2022

In affected versions of Octopus Server it was identified that a session cookie could be used as... Moderate Unreviewed

CVE-2022-2783 was published Oct 6, 2022

A vulnerability in how Cisco Firepower Threat Defense (FTD) Software handles session timeouts for... Moderate Unreviewed

CVE-2020-3188 was published May 24, 2022

OpenVPN Access Server older than version 2.8.4 generates new user authentication tokens instead... Moderate Unreviewed

CVE-2020-15074 was published May 24, 2022

An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK... High Unreviewed

CVE-2016-8712 was published May 13, 2022

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The... Moderate Unreviewed

CVE-2020-13299 was published May 24, 2022

OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Curam... Moderate Unreviewed

CVE-2020-4780 was published May 24, 2022

The system console configuration option 'log-out-on-disconnect' In Juniper Networks Junos OS... Moderate Unreviewed

CVE-2020-1666 was published May 24, 2022

An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. Because of implicitly remembered... Moderate Unreviewed

CVE-2020-15774 was published May 24, 2022

A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated... Critical Unreviewed

CVE-2020-27739 was published May 24, 2022

CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers to discover internal... Moderate Unreviewed

CVE-2020-25374 was published May 24, 2022

IBM Security Access Manager Appliance 9.0.7 does not invalidate session after logout which could... Moderate Unreviewed

CVE-2020-4395 was published May 24, 2022

Immuta v2.8.2 is affected by improper session management: user sessions are not revoked upon logout. High Unreviewed

CVE-2020-15950 was published May 24, 2022

In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire... Critical Unreviewed

CVE-2020-27422 was published May 24, 2022

Microweber 1.1.18 is affected by insufficient session expiration. When changing passwords, both... High Unreviewed

CVE-2020-23140 was published May 24, 2022

An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. The... High Unreviewed

CVE-2020-24387 was published May 24, 2022

The REST/JSON project 7.x-1.x for Drupal allows session name guessing, aka SA-CONTRIB-2016-033.... High Unreviewed

CVE-2016-20007 was published May 24, 2022

IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through... Moderate Unreviewed

CVE-2022-40228 was published Nov 22, 2022

The Terminate Session feature in the Telegram application through 7.2.1 for Android, and through... Moderate Unreviewed

CVE-2021-27351 was published May 24, 2022

In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie... Critical Unreviewed

CVE-2020-29667 was published May 24, 2022

Previous 1 2 3 4 5 … 12 13 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

302 advisories