GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
289 advisories
Admidio Insufficient Session Expiration vulnerability
Moderate | CVE-2023-4190 was published for admidio/admidio (Composer) on Aug 6, 2023

Answer Insufficient Session Expiration vulnerability
Moderate | CVE-2023-4126 was published for github.com/answerdev/answer (Go) on Aug 3, 2023

Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5.
Low | Unreviewed | CVE-2023-4005 was published on Jul 31, 2023

Insufficient Session Expiration after a password change
High | CVE-2023-38489 was published for getkirby/cms (Composer) on Jul 28, 2023

An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an...
Critical | Unreviewed | CVE-2023-28001 was published on Jul 11, 2023

Apache InLong Insufficient Session Expiration vulnerability
Critical | CVE-2023-31065 was published for org.apache.inlong:manager-dao (Maven) on Jul 6, 2023

Graylog user session is still usable after logout
Low | CVE-2023-41041 was published for org.graylog2:graylog2-server (Maven) on Jul 6, 2023

In Siren Investigate before 13.2.2, session keys remain active even after logging out.
Critical | Unreviewed | CVE-2023-35857 was published on Jun 19, 2023

Mattermost fails to check if an admin user account active after an oauth2 flow is started,...
Moderate | Unreviewed | CVE-2023-2788 was published on Jun 16, 2023

IBM Security Guardium 11.5 could allow a user to take over another user's session due to...
High | Unreviewed | CVE-2023-0041 was published on Jun 5, 2023

Jenkins WSO2 Oauth Plugin Session Fixation vulnerability
High | CVE-2023-33005 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven) on May 16, 2023

IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which...
Moderate | Unreviewed | CVE-2020-4914 was published on May 5, 2023

IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obtain sensitive information...
Moderate | Unreviewed | CVE-2022-38707 was published on May 5, 2023

An issue in the time-based authentication mechanism of Aigital Aigital Wireless-N Repeater...
High | Unreviewed | CVE-2023-30403 was published on May 2, 2023

Concrete CMS missing secure cookie parameters
Moderate | CVE-2023-28472 was published for concrete5/concrete5 (Composer) on Apr 28, 2023

A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker...
High | Unreviewed | CVE-2023-28003 was published on Apr 18, 2023

In LemonLDAP::NG before 2.0.15. some sessions are not deleted when they are supposed to be...
Moderate | Unreviewed | CVE-2022-37186 was published on Apr 16, 2023

Firefly III insufficiently expires sessions
Moderate | CVE-2023-1788 was published for grumpydictator/firefly-iii (Composer) on Apr 5, 2023

A vulnerability, which was classified as problematic, was found in SourceCodester Online Graduate...
Critical | Unreviewed | CVE-2023-1854 was published on Apr 5, 2023

This disclosure regards a vulnerability related to UAA refresh tokens and external identity...
Moderate | Unreviewed | CVE-2023-20903 was published on Mar 28, 2023

Rapid7 InsightVM suffers from insufficient session expiration when an administrator performs a...
Moderate | Unreviewed | CVE-2021-3844 was published on Mar 24, 2023

Answer vulnerable to Insufficient Session Expiration
High | CVE-2023-1543 was published for github.com/answerdev/answer (Go) on Mar 21, 2023

IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user...
Low | Unreviewed | CVE-2023-22591 was published on Mar 15, 2023

Insufficient Session Expiration in pretix
High | CVE-2023-27891 was published for pretix (pip) on Mar 7, 2023

An insufficient session expiration vulnerability exists in the ArubaOS command line interface....
Low | Unreviewed | CVE-2023-22771 was published on Mar 1, 2023