GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,324
Composer 4,360
Erlang 33
GitHub Actions 22
Go 2,127
Maven 5,308
npm 3,793
NuGet 683
pip 3,471
Pub 12
RubyGems 894
Rust 894
Swift 38

Unreviewed advisories

All unreviewed 244,892

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

218 advisories

Filter by severity

Sort by

Least recently updated

IBM Aspera Orchestrator 4.0.1 does not invalidate session after a password change which could... Moderate Unreviewed

CVE-2023-26288 was published Jul 30, 2024

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses... Moderate Unreviewed

CVE-2022-32759 was published Jul 25, 2024

On versions before 2.1.4, session is not invalidated after logout. When the user logged in... Critical Unreviewed

CVE-2024-29070 was published Jul 23, 2024

In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or... High Unreviewed

CVE-2024-41827 was published Jul 22, 2024

Multiple insufficient session expiration vulnerabilities [CWE-613] in FortiAIOps version 2.0.0... High Unreviewed

CVE-2024-27782 was published Jul 9, 2024

KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1... High Unreviewed

CVE-2024-36041 was published Jul 5, 2024

The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The... High Unreviewed

CVE-2024-5995 was published Jun 14, 2024

An access control issue in Wvp GB28181 Pro 2.0 allows users to continue to access information in... Moderate Unreviewed

CVE-2024-36523 was published Jun 12, 2024

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions ... High Unreviewed

CVE-2024-35206 was published Jun 11, 2024

SurveyKing v1.3.1 was discovered to keep users' sessions active after logout. Related to an... Critical Unreviewed

CVE-2024-35049 was published May 14, 2024

An issue in SurveyKing v1.3.1 allows attackers to execute a session replay attack after a user... Moderate Unreviewed

CVE-2024-35048 was published May 14, 2024

An issue in SurveyKing v1.3.1 allows attackers to escalate privileges via re-using the session ID... High Unreviewed

CVE-2024-35050 was published May 14, 2024

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which... Moderate Unreviewed

CVE-2023-40695 was published May 3, 2024

cskefu v7 suffers from Insufficient Session Expiration, which allows attackers to exploit the old... Moderate Unreviewed

CVE-2024-29402 was published Apr 17, 2024

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3... Moderate Unreviewed

CVE-2024-22358 was published Apr 12, 2024

Dell PowerScale OneFS, versions 9.5.0.x through 9.7.0.x, contain an insufficient session... Moderate Unreviewed

CVE-2024-25954 was published Mar 28, 2024

xzs-mysql 3.8 is vulnerable to Insufficient Session Expiration, which allows attackers to use the... Critical Unreviewed

CVE-2024-29401 was published Mar 26, 2024

Insufficient session timeout vulnerability in the FAST3686 V2 Vodafone router from Sagemcom. This... High Unreviewed

CVE-2024-1623 was published Mar 14, 2024

A CWE-613 “Insufficient Session Expiration” vulnerability in the web application, due to the... Moderate Unreviewed

CVE-2023-45600 was published Mar 5, 2024

The MFA management features did not properly terminate existing user sessions when a user's MFA... Moderate Unreviewed

CVE-2024-21722 was published Feb 29, 2024

An issue was discovered in Linksys Router E1700 1.0.04 (build 3), allows authenticated attackers... Moderate Unreviewed

CVE-2024-22543 was published Feb 27, 2024

Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in... Moderate Unreviewed

CVE-2024-0008 was published Feb 14, 2024

When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the... High Unreviewed

CVE-2024-22389 was published Feb 14, 2024

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session... Moderate Unreviewed

CVE-2023-45187 was published Feb 9, 2024

IBM PowerSC 1.3, 2.0, and 2.1 does not invalidate session after logout which could allow an... Moderate Unreviewed

CVE-2023-50936 was published Feb 2, 2024

Previous 1 2 3 4 5 … 8 9 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

218 advisories