GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
294 advisories
When a non-admin user has been assigned an administrator role via an iControl REST PUT request...
High, Unreviewed. CVE-2023-42768 was published Oct 10, 2023

A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile...
Low, Unreviewed. CVE-2023-40732 was published Sep 14, 2023

Argo CD web terminal session doesn't expire
High. CVE-2023-40025 was published for github.com/argoproj/argo-cd (Go) Aug 23, 2023

@node-saml/node-saml's validatePostRequestAsync does not include checkTimestampsValidityError
Moderate. CVE-2023-40178 was published for @node-saml/node-saml (npm) Aug 21, 2023

This vulnerability exists in ESDS Emagic Data Center Management Suit due to non-expiry of session...
High, Unreviewed. CVE-2023-37570 was published Aug 8, 2023

Admidio Insufficient Session Expiration vulnerability
Moderate. CVE-2023-4190 was published for admidio/admidio (Composer) Aug 6, 2023

Answer Insufficient Session Expiration vulnerability
Moderate. CVE-2023-4126 was published for github.com/answerdev/answer (Go) Aug 3, 2023

Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5.
Low, Unreviewed. CVE-2023-4005 was published Jul 31, 2023

Insufficient Session Expiration after a password change
High. CVE-2023-38489 was published for getkirby/cms (Composer) Jul 28, 2023

An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an...
Critical, Unreviewed. CVE-2023-28001 was published Jul 11, 2023

Apache InLong Insufficient Session Expiration vulnerability
Critical. CVE-2023-31065 was published for org.apache.inlong:manager-dao (Maven) Jul 6, 2023

Graylog user session is still usable after logout
Low. CVE-2023-41041 was published for org.graylog2:graylog2-server (Maven) Jul 6, 2023

In Siren Investigate before 13.2.2, session keys remain active even after logging out.
Critical, Unreviewed. CVE-2023-35857 was published Jun 19, 2023

Mattermost fails to check if an admin user account active after an oauth2 flow is started,...
Moderate, Unreviewed. CVE-2023-2788 was published Jun 16, 2023

IBM Security Guardium 11.5 could allow a user to take over another user's session due to...
High, Unreviewed. CVE-2023-0041 was published Jun 5, 2023

Jenkins WSO2 Oauth Plugin Session Fixation vulnerability
High. CVE-2023-33005 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven) May 16, 2023

IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which...
Moderate, Unreviewed. CVE-2020-4914 was published May 5, 2023

IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obtain sensitive information...
Moderate, Unreviewed. CVE-2022-38707 was published May 5, 2023

An issue in the time-based authentication mechanism of Aigital Aigital Wireless-N Repeater...
High, Unreviewed. CVE-2023-30403 was published May 2, 2023

Concrete CMS missing secure cookie parameters
Moderate. CVE-2023-28472 was published for concrete5/concrete5 (Composer) Apr 28, 2023

A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker...
High, Unreviewed. CVE-2023-28003 was published Apr 18, 2023

In LemonLDAP::NG before 2.0.15. some sessions are not deleted when they are supposed to be...
Moderate, Unreviewed. CVE-2022-37186 was published Apr 16, 2023

Firefly III insufficiently expires sessions
Moderate. CVE-2023-1788 was published for grumpydictator/firefly-iii (Composer) Apr 5, 2023

A vulnerability, which was classified as problematic, was found in SourceCodester Online Graduate...
Critical, Unreviewed. CVE-2023-1854 was published Apr 5, 2023

This disclosure regards a vulnerability related to UAA refresh tokens and external identity...
Moderate, Unreviewed. CVE-2023-20903 was published Mar 28, 2023

ProTip! Advisories are also available from the GraphQL API