GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
26 advisories
Filter by severity
In affected versions of Octopus Server OIDC cookies were using the wrong expiration time which...
Low
Unreviewed
CVE-2024-7998
was published
Aug 21, 2024
An insufficient session expiration vulnerability [CWE-613] vulnerability in FortiOS 7.2.5 and...
Low
Unreviewed
CVE-2022-45862
was published
Aug 13, 2024
Apache Airflow Providers FAB Insufficient Session Expiration vulnerability
Low
CVE-2024-42447
was published
for
apache-airflow-providers-fab
(pip)
Aug 5, 2024
zenml-io/zenml does not expire the session after password reset
Low
CVE-2024-4680
was published
for
zenml
(pip)
Jun 8, 2024
silverstripe/framework's pre-existing alc_enc cookies log users in if remember me is disabled
Low
GHSA-5r8w-66hq-rc39
was published
for
silverstripe/framework
(Composer)
May 27, 2024
A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. It has been classified as...
Low
Unreviewed
CVE-2024-0942
was published
Jan 26, 2024
A vulnerability was found in Totolink T8 4.1.5cu.833_20220905. It has been rated as problematic....
Low
Unreviewed
CVE-2024-0944
was published
Jan 26, 2024
A vulnerability was found in Totolink N350RT 9.3.5u.6255. It has been declared as problematic....
Low
Unreviewed
CVE-2024-0943
was published
Jan 26, 2024
A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as...
Low
Unreviewed
CVE-2024-0350
was published
Jan 10, 2024
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile...
Low
Unreviewed
CVE-2023-40732
was published
Sep 14, 2023
Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5.
Low
Unreviewed
CVE-2023-4005
was published
Jul 31, 2023
Graylog user session is still usable after logout
Low
CVE-2023-41041
was published
for
org.graylog2:graylog2-server
(Maven)
Jul 6, 2023
IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user...
Low
Unreviewed
CVE-2023-22591
was published
Mar 15, 2023
An insufficient session expiration vulnerability exists in the ArubaOS command line interface....
Low
Unreviewed
CVE-2023-22771
was published
Mar 1, 2023
Shopware has Insufficient Session Expiration in Administration
Low
CVE-2023-22732
was published
for
shopware/core
(Composer)
Jan 20, 2023
HashiCorp Nomad vulnerable to Insufficient Session Expiration
Low
CVE-2022-3867
was published
for
github.com/hashicorp/nomad
(Go)
Nov 10, 2022
In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where...
Low
Unreviewed
CVE-2021-22136
was published
May 24, 2022
Gitaly Insufficient Session Expiration vulnerability
Low
CVE-2020-13353
was published
for
gitaly
(RubyGems)
May 24, 2022
SAP Enable Now, before version 1908, does not invalidate session tokens in a timely manner. The...
Low
Unreviewed
CVE-2020-6197
was published
May 24, 2022
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a local user to obtain sensitive...
Low
Unreviewed
CVE-2016-0234
was published
May 13, 2022
HCL Commerce is affected by an Insufficient Session Expiration vulnerability. After the session...
Low
Unreviewed
CVE-2021-27751
was published
May 7, 2022
Shopware user session is not logged out if the password is reset via password recovery
Low
CVE-2022-24744
was published
for
shopware/core
(Composer)
Mar 10, 2022
Improper session management vulnerability in Samsung Health prior to 6.20.1.005 prevents logging...
Low
Unreviewed
CVE-2022-22283
was published
Jan 11, 2022
Insufficient Session Expiration in shopware
Low
CVE-2022-21652
was published
for
shopware/shopware
(Composer)
Jan 6, 2022
SessionListener can prevent a session from being invalidated breaking logout
Low
CVE-2021-34428
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Jun 23, 2021
ProTip!
Advisories are also available from the
GraphQL API