GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
304 advisories
Filter by severity
In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles
Moderate
Unreviewed
CVE-2024-56351
was published
Dec 20, 2024
TShock Security Escalation Exploit
High
GHSA-hvm9-wc8j-mgrc
was published
for
TShock
(NuGet)
Dec 18, 2024
A vulnerability was found in InvoicePlane up to 1.6.1 and classified as problematic. Affected by...
Moderate
Unreviewed
CVE-2024-12667
was published
Dec 16, 2024
In affected versions of Octopus Server OIDC cookies were using the wrong expiration time which...
Low
Unreviewed
CVE-2024-7998
was published
Aug 21, 2024
An issue in Ateme Flamingo XL v.3.6.20 and XS v.3.6.5 allows a remote authenticated attacker to...
High
Unreviewed
CVE-2023-36252
was published
Jun 26, 2023
An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 17.4.5, 17...
Moderate
Unreviewed
CVE-2024-11668
was published
Nov 26, 2024
OpenStack Identity (Keystone) UUID v2 tokens does not expire with revocation events
High
CVE-2014-5252
was published
for
keystone
(pip)
May 17, 2022
OpenStack Identity (Keystone) Multiple vulnerabilities in revocation events
High
CVE-2014-5251
was published
for
keystone
(pip)
May 17, 2022
OpenStack Keystone Domain-scoped tokens don't get revoked
High
CVE-2014-5253
was published
for
keystone
(pip)
May 17, 2022
Mage AI incorrectly gives privileges to users with deleted accounts
Moderate
CVE-2024-45187
was published
for
mage-ai
(pip)
Aug 23, 2024
IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for...
Moderate
Unreviewed
CVE-2024-35160
was published
Nov 23, 2024
An issue was discovered in LemonLDAP::NG before 2.0.12. There is a missing expiration check in...
Critical
Unreviewed
CVE-2021-35473
was published
Nov 11, 2024
vantage6 refresh tokens do not expire
High
CVE-2023-23929
was published
for
vantage6
(pip)
Feb 28, 2023
Apache Airflow Providers FAB Insufficient Session Expiration vulnerability
Low
CVE-2024-42447
was published
for
apache-airflow-providers-fab
(pip)
Aug 5, 2024
aiohttp-session creates non-expiring sessions
High
CVE-2018-1000814
was published
for
aiohttp-session
(pip)
Dec 20, 2018
Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin
High
CVE-2024-52553
was published
for
org.jenkins-ci.plugins:oic-auth
(Maven)
Nov 13, 2024
A vulnerability was found in Apereo CAS 6.6 and classified as problematic. Affected by this issue...
Moderate
Unreviewed
CVE-2024-11208
was published
Nov 14, 2024
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected...
Moderate
Unreviewed
CVE-2024-46892
was published
Nov 12, 2024
cskefu v7 suffers from Insufficient Session Expiration, which allows attackers to exploit the old...
Moderate
Unreviewed
CVE-2024-29402
was published
Apr 17, 2024
IoT Haat Smart Plug IH-IN-16A-S IH-IN-16A-S v5.16.1 suffers from Insufficient Session Expiration....
Moderate
Unreviewed
CVE-2024-46040
was published
Oct 7, 2024
The MFA management features did not properly terminate existing user sessions when a user's MFA...
Moderate
Unreviewed
CVE-2024-21722
was published
Feb 29, 2024
rdiffweb vulnerable to Insufficient Session Expiration
High
CVE-2022-3362
was published
for
rdiffweb
(pip)
Nov 15, 2022
SaltStack Salt eauth tokens can be used once after expiration
Critical
CVE-2021-3144
was published
for
salt
(pip)
May 24, 2022
Umbraco CMS logout page displayed before session expiration
Moderate
CVE-2024-48926
was published
for
Umbraco.CMS
(NuGet)
Oct 22, 2024
Samly access control vulnerability
Critical
CVE-2024-25718
was published
for
Samly
(Erlang)
Feb 11, 2024
ProTip!
Advisories are also available from the
GraphQL API