GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

294 advisories

Symfony DoS Moderate
CVE-2018-11386 was published for symfony/http-foundation (Composer) May 14, 2022
Token leases could outlive their TTL in HashiCorp Vault Critical
CVE-2020-25816 was published for github.com/hashicorp/vault (Go) May 24, 2022
Magento Insufficient Session Expiration Moderate
CVE-2021-21031 was published for magento/community-edition (Composer) May 24, 2022
Magento Insufficient Session Expiration Moderate
CVE-2021-21032 was published for magento/community-edition (Composer) May 24, 2022
Concrete CMS missing secure cookie parameters Moderate
CVE-2023-28472 was published for concrete5/concrete5 (Composer) Apr 28, 2023
MarkLee131
Insufficient Session Expiration in Apache NiFi Registry Moderate
CVE-2020-9482 was published for org.apache.nifi.registry:nifi-registry-web-api (Maven) Feb 9, 2022
yt-dlp Generic Extractor MITM Vulnerability via Arbitrary Proxy Injection Moderate
CVE-2023-46121 was published for yt-dlp (pip) Nov 15, 2023
coletdjnz
Admidio Insufficient Session Expiration vulnerability Moderate
CVE-2023-4190 was published for admidio/admidio (Composer) Aug 6, 2023
Apache InLong Insufficient Session Expiration vulnerability Critical
CVE-2023-31065 was published for org.apache.inlong:manager-dao (Maven) Jul 6, 2023
Answer Insufficient Session Expiration vulnerability Moderate
CVE-2023-4126 was published for github.com/answerdev/answer (Go) Aug 3, 2023
Insufficient Session Expiration in thorsten/phpmyfaq High
CVE-2023-5865 was published for thorsten/phpmyfaq (Composer) Oct 31, 2023
Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Moderate Unreviewed
CVE-2023-5889 was published Nov 1, 2023
Jenkins WSO2 Oauth Plugin Session Fixation vulnerability High
CVE-2023-33005 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven) May 16, 2023
Insufficient Session Expiration after a password change High
CVE-2023-38489 was published for getkirby/cms (Composer) Jul 28, 2023
5hank4r
Argo CD web terminal session doesn't expire High
CVE-2023-40025 was published for github.com/argoproj/argo-cd (Go) Aug 23, 2023
zhlu32
Graylog user session is still usable after logout Low
CVE-2023-41041 was published for org.graylog2:graylog2-server (Maven) Jul 6, 2023
thll