GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
304 advisories
The Milwaukee ONE-KEY Android mobile application uses bearer tokens with an expiration of one...
Moderate | Unreviewed | CVE-2017-3215 was published May 13, 2022
Exploitation of session variables, resource IDs and other trusted credentials vulnerability in...
Moderate | Unreviewed | CVE-2017-3966 was published May 13, 2022
A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an...
High | Unreviewed | CVE-2018-0152 was published May 13, 2022
XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS...
Moderate | Unreviewed | CVE-2018-2451 was published May 13, 2022
Cloud Foundry Runtime Insufficient Session Expiration vulnerability
Critical | CVE-2015-5171 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not...
High | Unreviewed | CVE-2018-10990 was published May 13, 2022
A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish...
Moderate | Unreviewed | CVE-2019-0015 was published May 13, 2022
nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key...
Moderate | Unreviewed | CVE-2014-3616 was published May 13, 2022
An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK...
High | Unreviewed | CVE-2016-8712 was published May 13, 2022
Insufficient Session Expiration in Jenkins
High | CVE-2019-1003049 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 ...
Critical | Unreviewed | CVE-2022-24042 was published May 11, 2022
HCL Commerce is affected by an Insufficient Session Expiration vulnerability. After the session...
Low | Unreviewed | CVE-2021-27751 was published May 7, 2022
In Shopizer versions 2.3.0 to 3.0.1 are vulnerable to Insufficient Session Expiration. When a...
High | Unreviewed | CVE-2022-23063 was published May 4, 2022
An issue was discovered in MantisBT before 2.24.5. It associates a unique cookie string with each...
High | Unreviewed | CVE-2009-20001 was published Apr 21, 2022
Keycloak insufficient session expiration
High | CVE-2021-3461 was published for org.keycloak:keycloak-parent (Maven) Apr 3, 2022
Old sessions not blocked by login enable function in Snipe-IT
High | CVE-2022-1155 was published for snipe/snipe-it (Composer) Mar 31, 2022
SurveyKing v0.2.0 was discovered to retain users' session cookies after logout, allowing...
Moderate | Unreviewed | CVE-2022-25590 was published Mar 26, 2022
A vulnerability was found in the 389 Directory Server that allows expired passwords to access the...
High | Unreviewed | CVE-2022-0996 was published Mar 24, 2022
Insufficient Session Expiration in Admidio
High | CVE-2022-0991 was published for admidio/admidio (Composer) Mar 20, 2022
Insufficient Session Expiration in Sylius
High | CVE-2022-24743 was published for sylius/sylius (Composer) Mar 14, 2022
Shopware user session is not logged out if the password is reset via password recovery
Low | CVE-2022-24744 was published for shopware/core (Composer) Mar 10, 2022
Use of a Key Past its Expiration Date and Insufficient Session Expiration in Maddy Mail Server
Moderate | CVE-2022-24732 was published for github.com/foxcpp/maddy (Go) Mar 7, 2022
IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an...
Moderate | Unreviewed | CVE-2021-38986 was published Mar 2, 2022
In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie.
Moderate | Unreviewed | CVE-2022-24332 was published Feb 26, 2022
In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't...
High | Unreviewed | CVE-2022-24341 was published Feb 26, 2022