GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
294 advisories
Filter by severity
Session fixation and insufficient session expiration vulnerabilities allow an attacker to perfom...
Critical
Unreviewed
CVE-2021-46279
was published
Oct 24, 2022
devhub 0.102.0 was discovered to contain a broken session control.
Moderate
Unreviewed
CVE-2022-41542
was published
Oct 17, 2022
Apache Airflow may allow authenticated users who have been deactivated to continue using the UI or API
High
CVE-2022-41672
was published
for
apache-airflow
(pip)
Oct 7, 2022
IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow...
Moderate
Unreviewed
CVE-2022-41291
was published
Oct 7, 2022
In affected versions of Octopus Server it was identified that a session cookie could be used as...
Moderate
Unreviewed
CVE-2022-2783
was published
Oct 6, 2022
By sending specific queries to the resolver, an attacker can cause named to crash.
High
Unreviewed
CVE-2022-3080
was published
Sep 22, 2022
OctoPrint vulnerable to Insufficient Session Expiration.
Moderate
CVE-2022-2888
was published
for
OctoPrint
(pip)
Sep 22, 2022
Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has...
Moderate
Unreviewed
CVE-2019-5641
was published
Sep 22, 2022
Pinniped Supervisor Insufficient Session Expiration vulnerability
Moderate
CVE-2022-31677
was published
for
go.pinniped.dev
(Go)
Sep 1, 2022
Mealie1.0.0beta3 does not terminate download tokens after a user logs out, allowing attackers to...
Moderate
Unreviewed
CVE-2022-34624
was published
Aug 20, 2022
Improper Access Control in GitHub repository namelessmc/nameless prior to v2.0.2.
High
Unreviewed
CVE-2022-2820
was published
Aug 16, 2022
Cockpit before 2.2.0 vulnerable to Insufficient Session Expiration
Critical
CVE-2022-2713
was published
for
aheinze/cockpit
(Composer)
Aug 9, 2022
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x...
Critical
Unreviewed
CVE-2022-35728
was published
Aug 5, 2022
NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the ...
Moderate
Unreviewed
CVE-2022-30698
was published
Aug 2, 2022
NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the ...
Moderate
Unreviewed
CVE-2022-30699
was published
Aug 2, 2022
FlyteAdmin Insufficient AccessToken Expiration Check
Moderate
CVE-2022-31145
was published
for
github.com/flyteorg/flyteadmin
(Go)
Jul 15, 2022
A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S ...
High
Unreviewed
CVE-2022-33137
was published
Jul 13, 2022
Insufficient Session Expiration in Nakama
High
CVE-2022-2306
was published
for
github.com/heroiclabs/nakama
(Go)
Jul 6, 2022
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout...
Critical
Unreviewed
CVE-2022-22318
was published
Jun 21, 2022
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout...
Critical
Unreviewed
CVE-2022-22317
was published
Jun 21, 2022
Insufficient Session Expiration in TYPO3's Admin Tool
Moderate
CVE-2022-31050
was published
for
typo3/cms
(Composer)
Jun 17, 2022
** DISPUTED ** A vulnerability has been found in Microsoft O365 and classified as critical. The...
High
Unreviewed
CVE-2022-2076
was published
Jun 15, 2022
Insufficient Session Expiration in NocoDB
High
CVE-2022-2064
was published
for
nocodb
(npm)
Jun 14, 2022
BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration...
Moderate
Unreviewed
CVE-2022-30277
was published
Jun 3, 2022
In “Orchard core CMS” application, versions 1.0.0-beta1-3383 to 1.0.0 are vulnerable to an...
High
Unreviewed
CVE-2021-25966
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API