Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

262 advisories

Loading
Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider High
CVE-2023-22650 was published for github.com/rancher/rancher (Go) Jun 17, 2024
The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The... High Unreviewed
CVE-2024-5995 was published Jun 14, 2024
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions ... High Unreviewed
CVE-2024-35206 was published Jun 11, 2024
zenml-io/zenml does not expire the session after password reset Low
CVE-2024-4680 was published for zenml (pip) Jun 8, 2024
zfr authentication adapter did not verify validity of tokens High
GHSA-rcm4-jv5g-wccm was published for zfr/zfr-oauth2-server-module (Composer) Jun 7, 2024
silverstripe/framework's pre-existing alc_enc cookies log users in if remember me is disabled Low
GHSA-5r8w-66hq-rc39 was published for silverstripe/framework (Composer) May 27, 2024
@fastify/session reuses destroyed session cookie High
CVE-2024-35220 was published for @fastify/session (npm) May 21, 2024
Reportico Web fails to invalidate cookies upon logout Moderate
CVE-2024-31556 was published for reportico-web/reportico (Composer) May 14, 2024
Directus Lacks Session Tokens Invalidation Moderate
CVE-2024-34709 was published for directus (npm) May 13, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which... Moderate Unreviewed
CVE-2023-40695 was published May 3, 2024
Keycloak vulnerable to session hijacking via re-authentication Moderate
CVE-2023-6787 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3... Moderate Unreviewed
CVE-2024-22358 was published Apr 12, 2024
zcap has incomplete expiration checks in capability chains. Moderate
CVE-2024-31995 was published for @digitalbazaar/zcap (npm) Apr 10, 2024
@fastify/secure-session: Reuse of destroyed secure session cookie High
CVE-2024-31999 was published for @fastify/secure-session (npm) Apr 10, 2024
AdamKorcz mcollina
arthurscchan
Contao: Remember-me tokens will not be cleared after a password change Moderate
CVE-2024-30262 was published for contao/core-bundle (Composer) Apr 9, 2024
bytehead
Shopware Improper Session Handling in store-api account logout Moderate
CVE-2024-31447 was published for shopware/core (Composer) Apr 8, 2024
mdanilowicz
Dell PowerScale OneFS, versions 9.5.0.x through 9.7.0.x, contain an insufficient session... Moderate Unreviewed
CVE-2024-25954 was published Mar 28, 2024
Insufficient session timeout vulnerability in the FAST3686 V2 Vodafone router from Sagemcom. This... High Unreviewed
CVE-2024-1623 was published Mar 14, 2024
A CWE-613 “Insufficient Session Expiration” vulnerability in the web application, due to the... Moderate Unreviewed
CVE-2023-45600 was published Mar 5, 2024
The MFA management features did not properly terminate existing user sessions when a user's MFA... Unknown Unreviewed
CVE-2024-21722 was published Feb 29, 2024
Session Fixation Apache DolphinScheduler Moderate
CVE-2023-50270 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Feb 20, 2024
oscerd
Insufficient Session Expiration in github.com/greenpau/caddy-security Moderate
CVE-2024-21492 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in... Moderate Unreviewed
CVE-2024-0008 was published Feb 14, 2024
When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the... High Unreviewed
CVE-2024-22389 was published Feb 14, 2024
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session... Moderate Unreviewed
CVE-2023-45187 was published Feb 9, 2024
ProTip! Advisories are also available from the GraphQL API