GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
122 advisories
Due to improper JSON Web Tokens implementation an unauthenticated remote attacker can guess a...
High | Unreviewed | CVE-2021-47663 was published Apr 24, 2025

An access control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows deleted users to...
High | Unreviewed | CVE-2025-28059 was published Apr 18, 2025

OpenProject before 6.1.6 and 7.x before 7.0.3 mishandles session expiry, which allows remote...
High | Unreviewed | CVE-2017-11667 was published May 13, 2022

An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK...
High | Unreviewed | CVE-2016-8712 was published May 13, 2022

An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking...
High | Unreviewed | CVE-2017-6529 was published May 17, 2022

Insufficient Session Expiration vulnerability in Progress Software Corporation Sitefinity under...
High | Unreviewed | CVE-2025-1968 was published Apr 9, 2025

An issue was discovered in Archer Platform 6 before 2024.04. Authentication was mishandled...
High | Unreviewed | CVE-2024-34092 was published May 6, 2024

aiohttp-session creates non-expiring sessions
High | CVE-2018-1000814 was published for aiohttp-session (pip) Dec 20, 2018

A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 ...
High | Unreviewed | CVE-2024-45386 was published Feb 11, 2025

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity...
High | Unreviewed | CVE-2025-22386 was published Jan 4, 2025

TShock Security Escalation Exploit
High | GHSA-hvm9-wc8j-mgrc was published for TShock (NuGet) Dec 18, 2024

An issue in Ateme Flamingo XL v.3.6.20 and XS v.3.6.5 allows a remote authenticated attacker to...
High | Unreviewed | CVE-2023-36252 was published Jun 26, 2023

OpenStack Identity (Keystone) UUID v2 tokens does not expire with revocation events
High | CVE-2014-5252 was published for keystone (pip) May 17, 2022

OpenStack Identity (Keystone) Multiple vulnerabilities in revocation events
High | CVE-2014-5251 was published for keystone (pip) May 17, 2022

OpenStack Keystone Domain-scoped tokens don't get revoked
High | CVE-2014-5253 was published for keystone (pip) May 17, 2022

vantage6 refresh tokens do not expire
High | CVE-2023-23929 was published for vantage6 (pip) Feb 28, 2023

Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin
High | CVE-2024-52553 was published for org.jenkins-ci.plugins:oic-auth (Maven) Nov 13, 2024

rdiffweb vulnerable to Insufficient Session Expiration
High | CVE-2022-3362 was published for rdiffweb (pip) Nov 15, 2022

Insufficient Session Expiration in pretix
High | CVE-2023-27891 was published for pretix (pip) Mar 7, 2023

Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider
High | CVE-2023-22650 was published for github.com/rancher/rancher (Go) Jun 17, 2024

An issue in sbondCo Watcharr v.1.43.0 allows a remote attacker to execute arbitrary code and...
High | Unreviewed | CVE-2024-48827 was published Oct 11, 2024

Insufficient Session Expiration in OpenStack Keystone
High | CVE-2020-12690 was published for keystone (pip) Jun 9, 2021

Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an...
High | Unreviewed | CVE-2019-5638 was published May 24, 2022

Apache Airflow may allow authenticated users who have been deactivated to continue using the UI or API
High | CVE-2022-41672 was published for apache-airflow (pip) Oct 7, 2022

One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to...
High | Unreviewed | CVE-2023-51772 was published Dec 25, 2023