Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,268
Erlang
31
GitHub Actions
21
Go
2,043
Maven
5,000+
npm
3,736
NuGet
663
pip
3,414
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+

303 advisories

Loading
Rapid7 InsightVM suffers from insufficient session expiration when an administrator performs a... Moderate Unreviewed
CVE-2021-3844 was published Mar 24, 2023
This disclosure regards a vulnerability related to UAA refresh tokens and external identity... Moderate Unreviewed
CVE-2023-20903 was published Mar 28, 2023
A vulnerability, which was classified as problematic, was found in SourceCodester Online Graduate... Critical Unreviewed
CVE-2023-1854 was published Apr 5, 2023
A vulnerability was found in the 389 Directory Server that allows expired passwords to access the... High Unreviewed
CVE-2022-0996 was published Mar 24, 2022
Shopware user session is not logged out if the password is reset via password recovery Low
CVE-2022-24744 was published for shopware/core (Composer) Mar 10, 2022
tdunlap607
Ensure that doorkeeper_token is valid when authenticating requests in API v2 calls High
CVE-2020-15269 was published for spree (RubyGems) Oct 20, 2020
Morantron
After user deletion in MongoDB Server the improper invalidation of authorization sessions allows... Moderate Unreviewed
CVE-2019-2386 was published May 24, 2022
Improper Access Control in GitHub repository namelessmc/nameless prior to v2.0.2. High Unreviewed
CVE-2022-2820 was published Aug 16, 2022
Fusiondirectory 1.3 suffers from Improper Session Handling. Critical Unreviewed
CVE-2022-36179 was published Nov 22, 2022
Keycloak insufficient session expiration High
CVE-2021-3461 was published for org.keycloak:keycloak-parent (Maven) Apr 3, 2022
Symfony vulnerable to Session Fixation of CSRF tokens Moderate
CVE-2022-24895 was published for symfony/security-bundle (Composer) Feb 1, 2023
nicolas-grekas lavish
Keycloak CSRF Vulnerability High
CVE-2017-12159 was published for org.keycloak:keycloak-parent (Maven) May 13, 2022
Microweber Insufficient Session Expiry Moderate
CVE-2020-23136 was published for microweber/microweber (Composer) May 24, 2022
October CMS Session ID not invalidated after logout Critical
CVE-2021-3311 was published for october/rain (Composer) Feb 10, 2021
When an agent user is renamed or set to invalid the session belonging to the user is keept active... Moderate Unreviewed
CVE-2020-1776 was published May 24, 2022
Apache NiFi user log out issue High
CVE-2019-12421 was published for org.apache.nifi:nifi-web-api (Maven) Dec 2, 2019
Keycloak vulnerable to session takeover with OIDC offline refreshtokens Moderate
CVE-2022-3916 was published for org.keycloak:keycloak-parent (Maven) Dec 13, 2022
Flintholm
Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5. Low Unreviewed
CVE-2023-4005 was published Jul 31, 2023
@node-saml/node-saml's validatePostRequestAsync does not include checkTimestampsValidityError Moderate
CVE-2023-40178 was published for @node-saml/node-saml (npm) Aug 21, 2023
jindazhao01
Graylog user session is still usable after logout Low
CVE-2023-41041 was published for org.graylog2:graylog2-server (Maven) Jul 6, 2023
thll
Insufficient Session Expiration in GitHub repository linkstackorg/linkstack prior to v4.2.9. Moderate Unreviewed
CVE-2023-5838 was published Oct 29, 2023
Argo CD web terminal session doesn't expire High
CVE-2023-40025 was published for github.com/argoproj/argo-cd (Go) Aug 23, 2023
zhlu32
Insufficient Session Expiration after a password change High
CVE-2023-38489 was published for getkirby/cms (Composer) Jul 28, 2023
5hank4r
Jenkins WSO2 Oauth Plugin Session Fixation vulnerability High
CVE-2023-33005 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven) May 16, 2023
Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Moderate Unreviewed
CVE-2023-5889 was published Nov 1, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database