GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
51 advisories
Filter by severity
October CMS Session ID not invalidated after logout
Critical
CVE-2021-3311
was published
for
october/rain
(Composer)
Feb 10, 2021
Apostrophe CMS Insufficient Session Expiration vulnerability
Critical
CVE-2021-25979
was published
for
apostrophe
(npm)
Nov 10, 2021
Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration...
Critical
Unreviewed
CVE-2021-36330
was published
Dec 1, 2021
An insufficient session expiration vulnerability exists in Business-DNA Solutions GmbH’s TopEase®...
Critical
Unreviewed
CVE-2021-42545
was published
Dec 1, 2021
Mahavitaran android application 7.50 and prior are affected by account takeover due to improper...
Critical
Unreviewed
CVE-2020-27416
was published
Dec 9, 2021
An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware...
Critical
Unreviewed
CVE-2021-35034
was published
Dec 30, 2021
In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through...
Critical
Unreviewed
CVE-2021-25981
was published
Jan 4, 2022
In Mattermost Focalboard, versions prior to v0.7.5, v0.8.4, v0.9.5, v0.10.1 and v0.11.0-rc1; as...
Critical
Unreviewed
CVE-2022-22122
was published
Jan 14, 2022
A CWE-614 Insufficient Session Expiration vulnerability exists that could allow an attacker to...
Critical
Unreviewed
CVE-2021-22820
was published
Jan 29, 2022
In Ifme, versions 1.0.0 to v.7.33.2 don’t properly invalidate a user’s session even after the...
Critical
Unreviewed
CVE-2021-25992
was published
Feb 11, 2022
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 ...
Critical
Unreviewed
CVE-2022-24042
was published
May 11, 2022
Cloud Foundry Runtime Insufficient Session Expiration vulnerability
Critical
CVE-2015-5171
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are...
Critical
Unreviewed
CVE-2016-5069
was published
May 17, 2022
Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass...
Critical
Unreviewed
CVE-2014-2595
was published
May 17, 2022
A vulnerability in Parsec Windows 142-0 and Parsec 'Linux Ubuntu 16.04 LTS Desktop' Build 142-1...
Critical
Unreviewed
CVE-2018-6634
was published
May 24, 2022
Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions.
Critical
Unreviewed
CVE-2018-21018
was published
May 24, 2022
NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the...
Critical
Unreviewed
CVE-2016-11014
was published
May 24, 2022
Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an...
Critical
Unreviewed
CVE-2019-11168
was published
May 24, 2022
A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated...
Critical
Unreviewed
CVE-2020-27739
was published
May 24, 2022
In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire...
Critical
Unreviewed
CVE-2020-27422
was published
May 24, 2022
In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie...
Critical
Unreviewed
CVE-2020-29667
was published
May 24, 2022
An insufficient session expiration vulnerability in FortiNet's FortiIsolator version 2.0.1 and...
Critical
Unreviewed
CVE-2020-6649
was published
May 24, 2022
SaltStack Salt eauth tokens can be used once after expiration
Critical
CVE-2021-3144
was published
for
salt
(pip)
May 24, 2022
DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On...
Critical
Unreviewed
CVE-2020-35358
was published
May 24, 2022
Laravel Booking System Booking Core 2.0 is vulnerable to Session Management. A password change at...
Critical
Unreviewed
CVE-2021-37333
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API