Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,268
Erlang
31
GitHub Actions
21
Go
2,042
Maven
5,000+
npm
3,735
NuGet
662
pip
3,414
Pub
12
RubyGems
891
Rust
867
Swift
36
Unreviewed advisories
All unreviewed
5,000+

302 advisories

Loading
Dell PowerScale OneFS, versions 9.5.0.x through 9.7.0.x, contain an insufficient session... Moderate Unreviewed
CVE-2024-25954 was published Mar 28, 2024
A vulnerability was found in Totolink N350RT 9.3.5u.6255. It has been declared as problematic.... Low Unreviewed
CVE-2024-0943 was published Jan 26, 2024
A vulnerability was found in Totolink T8 4.1.5cu.833_20220905. It has been rated as problematic.... Low Unreviewed
CVE-2024-0944 was published Jan 26, 2024
Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass... Critical Unreviewed
CVE-2014-2595 was published May 17, 2022
A vulnerability in Parsec Windows 142-0 and Parsec 'Linux Ubuntu 16.04 LTS Desktop' Build 142-1... Critical Unreviewed
CVE-2018-6634 was published May 24, 2022
The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x... Moderate Unreviewed
CVE-2019-3790 was published May 24, 2022
Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries... Moderate Unreviewed
CVE-2019-7215 was published May 24, 2022
An issue was discovered in eteams OA v4.0.34. Because the session is not strictly checked, the... Moderate Unreviewed
CVE-2019-16133 was published May 24, 2022
A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache... Moderate Unreviewed
CVE-2019-14826 was published May 24, 2022
Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions. Critical Unreviewed
CVE-2018-21018 was published May 24, 2022
cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed... High Unreviewed
CVE-2019-17375 was published May 24, 2022
Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an... Critical Unreviewed
CVE-2019-11168 was published May 24, 2022
SAP Enable Now, before version 1911, sends the Session ID cookie value in URL. This might be... Moderate Unreviewed
CVE-2020-6178 was published May 24, 2022
SAP Enable Now, before version 1908, does not invalidate session tokens in a timely manner. The... Low Unreviewed
CVE-2020-6197 was published May 24, 2022
In LemonLDAP::NG before 2.0.15. some sessions are not deleted when they are supposed to be... Moderate Unreviewed
CVE-2022-37186 was published Apr 16, 2023
A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker... High Unreviewed
CVE-2023-28003 was published Apr 18, 2023
An issue in the time-based authentication mechanism of Aigital Aigital Wireless-N Repeater... High Unreviewed
CVE-2023-30403 was published May 2, 2023
IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obtain sensitive information... Moderate Unreviewed
CVE-2022-38707 was published May 5, 2023
IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which... Moderate Unreviewed
CVE-2020-4914 was published May 5, 2023
IBM Security Guardium 11.5 could allow a user to take over another user's session due to... High Unreviewed
CVE-2023-0041 was published Jun 5, 2023
Mattermost fails to check if an admin user account active after an oauth2 flow is started,... Moderate Unreviewed
CVE-2023-2788 was published Jun 16, 2023
In Siren Investigate before 13.2.2, session keys remain active even after logging out. Critical Unreviewed
CVE-2023-35857 was published Jun 19, 2023
An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an... Critical Unreviewed
CVE-2023-28001 was published Jul 11, 2023
This vulnerability exists in ESDS Emagic Data Center Management Suit due to non-expiry of session... High Unreviewed
CVE-2023-37570 was published Aug 8, 2023
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile... Low Unreviewed
CVE-2023-40732 was published Sep 14, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database