Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

279 advisories

Loading
In Ifme, versions 1.0.0 to v.7.33.2 don’t properly invalidate a user’s session even after the... Critical Unreviewed
CVE-2021-25992 was published Feb 11, 2022
Insufficient Session Expiration in Apache NiFi Registry Moderate
CVE-2020-9482 was published for org.apache.nifi.registry:nifi-registry-web-api (Maven) Feb 9, 2022
A CWE-614 Insufficient Session Expiration vulnerability exists that could allow an attacker to... Critical Unreviewed
CVE-2021-22820 was published Jan 29, 2022
Insufficient Session Expiration in Pterodactyl API Moderate
GHSA-7v3x-h7r2-34jv was published for pterodactyl/panel (Composer) Jan 21, 2022
EgoMaw
Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a session on the server-side... High Unreviewed
CVE-2021-37866 was published Jan 19, 2022
In DayByDay CRM, versions 2.2.0 through 2.2.1 (latest) are vulnerable to Insufficient Session... High Unreviewed
CVE-2022-22113 was published Jan 14, 2022
In Mattermost Focalboard, versions prior to v0.7.5, v0.8.4, v0.9.5, v0.10.1 and v0.11.0-rc1; as... Critical Unreviewed
CVE-2022-22122 was published Jan 14, 2022
Improper session management vulnerability in Samsung Health prior to 6.20.1.005 prevents logging... Low Unreviewed
CVE-2022-22283 was published Jan 11, 2022
Insufficient Session Expiration in shopware Low
CVE-2022-21652 was published for shopware/shopware (Composer) Jan 6, 2022
In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through... Critical Unreviewed
CVE-2021-25981 was published Jan 4, 2022
An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware... Critical Unreviewed
CVE-2021-35034 was published Dec 30, 2021
An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8... High Unreviewed
CVE-2021-45885 was published Dec 30, 2021
Mahavitaran android application 7.50 and prior are affected by account takeover due to improper... Critical Unreviewed
CVE-2020-27416 was published Dec 9, 2021
An insufficient session expiration vulnerability exists in Business-DNA Solutions GmbH’s TopEase®... Critical Unreviewed
CVE-2021-42545 was published Dec 1, 2021
Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration... Critical Unreviewed
CVE-2021-36330 was published Dec 1, 2021
Apostrophe CMS Insufficient Session Expiration vulnerability Critical
CVE-2021-25979 was published for apostrophe (npm) Nov 10, 2021
Insufficient Session Expiration in @cyyynthia/tokenize High
GHSA-jcjx-c3j3-44pr was published for @cyyynthia/tokenize (npm) Nov 10, 2021
williamwa
incomplete JupyterHub logout with simultaneous JupyterLab sessions Low
CVE-2021-41247 was published for jupyterhub (pip) Nov 8, 2021
fritterhoff
Insufficient Session Expiration and TOCTOU Race Condition in OPC FOundation UA .Net Standard Moderate
CVE-2020-8867 was published for OPCFoundation.NetStandard.Opc.Ua (NuGet) Aug 2, 2021
SessionListener can prevent a session from being invalidated breaking logout Low
CVE-2021-34428 was published for org.eclipse.jetty:jetty-server (Maven) Jun 23, 2021
rmannibucau stephenc
Insufficient Session Expiration in OpenStack Keystone High
CVE-2020-12690 was published for keystone (pip) Jun 9, 2021
Invalid session token expiration High
CVE-2021-32923 was published for github.com/hashicorp/vault (Go) Jun 8, 2021
Insufficient Session Expiration in Kiali High
CVE-2020-1762 was published for github.com/kiali/kiali (Go) May 18, 2021
Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19 Moderate
CVE-2021-31408 was published for com.vaadin:vaadin-bom (Maven) Apr 22, 2021
Potential Session Hijacking Low
GHSA-h9q8-5gv2-v6mg was published for shopware/platform (Composer) Mar 12, 2021
ProTip! Advisories are also available from the GraphQL API