GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
166 advisories
@node-saml/node-saml's validatePostRequestAsync does not include checkTimestampsValidityError
Moderate
CVE-2023-40178
was published
for
@node-saml/node-saml
(npm)
Aug 21, 2023
Concrete CMS missing secure cookie parameters
Moderate
CVE-2023-28472
was published
for
concrete5/concrete5
(Composer)
Apr 28, 2023
Symfony vulnerable to Session Fixation of CSRF tokens
Moderate
CVE-2022-24895
was published
for
symfony/security-bundle
(Composer)
Feb 1, 2023
Zitadel RefreshToken invalidation vulnerability
Moderate
CVE-2023-22492
was published
for
github.com/zitadel/zitadel
(Go)
Jan 11, 2023
Keycloak vulnerable to session takeover with OIDC offline refreshtokens
Moderate
CVE-2022-3916
was published
for
org.keycloak:keycloak-parent
(Maven)
Dec 13, 2022
TYPO3 CMS vulnerable to Insufficient Session Expiration after Password Reset
Moderate
CVE-2022-23502
was published
for
typo3/cms
(Composer)
Dec 13, 2022
ProTip!
Advisories are also available from the
GraphQL API