GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
292 advisories
Filter by severity
IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user...
Low
Unreviewed
CVE-2023-22591
was published
Mar 15, 2023
Insufficient Session Expiration in pretix
High
CVE-2023-27891
was published
for
pretix
(pip)
Mar 7, 2023
An insufficient session expiration vulnerability exists in the ArubaOS command line interface....
Low
Unreviewed
CVE-2023-22771
was published
Mar 1, 2023
vantage6 refresh tokens do not expire
High
CVE-2023-23929
was published
for
vantage6
(pip)
Feb 28, 2023
Expired sessions were not securely terminated in the RestAPI for Tribe29's Checkmk <= 2.1.0p10...
Critical
Unreviewed
CVE-2022-48317
was published
Feb 20, 2023
SupportAssist for Home PCs (versions 3.11.4 and prior) contain an insufficient session expiration...
Moderate
Unreviewed
CVE-2022-34392
was published
Feb 11, 2023
Symfony vulnerable to Session Fixation of CSRF tokens
Moderate
CVE-2022-24895
was published
for
symfony/security-bundle
(Composer)
Feb 1, 2023
Insufficient Session Expiration in Jenkins Azure AD Plugin
High
CVE-2023-24426
was published
for
org.jenkins-ci.plugins:azure-ad
(Maven)
Jan 26, 2023
Shopware has Insufficient Session Expiration in Administration
Low
CVE-2023-22732
was published
for
shopware/core
(Composer)
Jan 20, 2023
Pyload Insufficient Session Expiration vulnerability
Moderate
CVE-2023-0227
was published
for
pyload-ng
(pip)
Jan 12, 2023
Zitadel RefreshToken invalidation vulnerability
Moderate
CVE-2023-22492
was published
for
github.com/zitadel/zitadel
(Go)
Jan 11, 2023
IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is vulnerable to broken access...
High
Unreviewed
CVE-2022-43844
was published
Jan 5, 2023
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 does not invalidate session...
Moderate
Unreviewed
CVE-2022-22371
was published
Jan 5, 2023
TYPO3 vulnerable to Insufficient Session Expiration
Critical
CVE-2022-47406
was published
for
derhansen/fe_change_pwd
(Composer)
Dec 14, 2022
Keycloak vulnerable to session takeover with OIDC offline refreshtokens
Moderate
CVE-2022-3916
was published
for
org.keycloak:keycloak-parent
(Maven)
Dec 13, 2022
TYPO3 CMS vulnerable to Insufficient Session Expiration after Password Reset
Moderate
CVE-2022-23502
was published
for
typo3/cms
(Composer)
Dec 13, 2022
IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through...
Moderate
Unreviewed
CVE-2022-40228
was published
Nov 22, 2022
Fusiondirectory 1.3 suffers from Improper Session Handling.
Critical
Unreviewed
CVE-2022-36179
was published
Nov 22, 2022
Insufficient Session Expiration in librenms/librenms
Critical
CVE-2022-4070
was published
for
librenms/librenms
(Composer)
Nov 20, 2022
rdiffweb vulnerable to Insufficient Session Expiration
High
CVE-2022-3362
was published
for
rdiffweb
(pip)
Nov 15, 2022
HashiCorp Nomad vulnerable to Insufficient Session Expiration
Low
CVE-2022-3867
was published
for
github.com/hashicorp/nomad
(Go)
Nov 10, 2022
"IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 CD, and LTS 9.3 does not invalidate session after logout...
Moderate
Unreviewed
CVE-2022-40230
was published
Nov 4, 2022
In affected versions of Octopus Server it is possible for a session token to be valid...
Critical
Unreviewed
CVE-2022-2782
was published
Oct 27, 2022
Session fixation and insufficient session expiration vulnerabilities allow an attacker to perfom...
Critical
Unreviewed
CVE-2021-46279
was published
Oct 24, 2022
devhub 0.102.0 was discovered to contain a broken session control.
Moderate
Unreviewed
CVE-2022-41542
was published
Oct 17, 2022
ProTip!
Advisories are also available from the
GraphQL API