Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,737
Maven
5,000+
npm
4,337
NuGet
764
pip
4,112
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

123 advisories

Loading
One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to... High Unreviewed
CVE-2023-51772 was published Dec 25, 2023
@fastify/session reuses destroyed session cookie High
CVE-2024-35220 was published for @fastify/session (npm) May 21, 2024
kaanoz1
Credited to kaanoz1
The Central Manager user session refresh token does not expire when a user logs out.  Note:... High Unreviewed
CVE-2024-39809 was published Aug 14, 2024
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions ... High Unreviewed
CVE-2024-35206 was published Jun 11, 2024
In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or... High Unreviewed
CVE-2024-41827 was published Jul 22, 2024
Multiple insufficient session expiration vulnerabilities [CWE-613] in FortiAIOps version 2.0.0... High Unreviewed
CVE-2024-27782 was published Jul 9, 2024
An issue in SurveyKing v1.3.1 allows attackers to escalate privileges via re-using the session ID... High Unreviewed
CVE-2024-35050 was published May 14, 2024
By sending specific queries to the resolver, an attacker can cause named to crash. High Unreviewed
CVE-2022-3080 was published Sep 22, 2022
The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The... High Unreviewed
CVE-2024-5995 was published Jun 14, 2024
zfr authentication adapter did not verify validity of tokens High
GHSA-rcm4-jv5g-wccm was published for zfr/zfr-oauth2-server-module (Composer) Jun 7, 2024
@fastify/secure-session: Reuse of destroyed secure session cookie High
CVE-2024-31999 was published for @fastify/secure-session (npm) Apr 10, 2024
AdamKorcz mcollina
arthurscchan
Credited to AdamKorcz, mcollina, and arthurscchan
An arithmetic overflow flaw was found in Satellite when creating a new personal access token.... High Unreviewed
CVE-2023-4320 was published Dec 30, 2023
A insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows... High Unreviewed
CVE-2023-33303 was published Oct 13, 2023
When a non-admin user has been assigned an administrator role via an iControl REST PUT request... High Unreviewed
CVE-2023-42768 was published Oct 10, 2023
An authenticated user's session cookie may remain valid for a limited time after logging out... High Unreviewed
CVE-2023-40537 was published Oct 10, 2023
This vulnerability exists in ESDS Emagic Data Center Management Suit due to non-expiry of session... High Unreviewed
CVE-2023-37570 was published Aug 8, 2023
IBM Security Guardium 11.5 could allow a user to take over another user's session due to... High Unreviewed
CVE-2023-0041 was published Jun 5, 2023
An issue in the time-based authentication mechanism of Aigital Aigital Wireless-N Repeater... High Unreviewed
CVE-2023-30403 was published May 2, 2023
A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker... High Unreviewed
CVE-2023-28003 was published Apr 18, 2023
cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed... High Unreviewed
CVE-2019-17375 was published May 24, 2022
Insufficient session timeout vulnerability in the FAST3686 V2 Vodafone router from Sagemcom. This... High Unreviewed
CVE-2024-1623 was published Mar 14, 2024
When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the... High Unreviewed
CVE-2024-22389 was published Feb 14, 2024
Insufficient Session Expiration in thorsten/phpmyfaq High
CVE-2023-5865 was published for thorsten/phpmyfaq (Composer) Oct 31, 2023
Jenkins WSO2 Oauth Plugin Session Fixation vulnerability High
CVE-2023-33005 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven) May 16, 2023
Insufficient Session Expiration after a password change High
CVE-2023-38489 was published for getkirby/cms (Composer) Jul 28, 2023
5hank4r
Credited to 5hank4r
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database