GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+
116 advisories
Filter by severity
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10...
Moderate
Unreviewed
CVE-2022-38382
was published
Aug 13, 2024
Apache Airflow Providers FAB Insufficient Session Expiration vulnerability
Moderate
CVE-2024-42447
was published
for
apache-airflow-providers-fab
(pip)
Aug 5, 2024
IBM Aspera Orchestrator 4.0.1 does not invalidate session after a password change which could...
Moderate
Unreviewed
CVE-2023-26288
was published
Jul 30, 2024
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses...
Moderate
Unreviewed
CVE-2022-32759
was published
Jul 25, 2024
An access control issue in Wvp GB28181 Pro 2.0 allows users to continue to access information in...
Moderate
Unreviewed
CVE-2024-36523
was published
Jun 12, 2024
Reportico Web fails to invalidate cookies upon logout
Moderate
CVE-2024-31556
was published
for
reportico-web/reportico
(Composer)
May 14, 2024
An issue in SurveyKing v1.3.1 allows attackers to execute a session replay attack after a user...
Moderate
Unreviewed
CVE-2024-35048
was published
May 14, 2024
Directus Lacks Session Tokens Invalidation
Moderate
CVE-2024-34709
was published
for
directus
(npm)
May 13, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which...
Moderate
Unreviewed
CVE-2023-40695
was published
May 3, 2024
Keycloak vulnerable to session hijacking via re-authentication
Moderate
CVE-2023-6787
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3...
Moderate
Unreviewed
CVE-2024-22358
was published
Apr 12, 2024
zcap has incomplete expiration checks in capability chains.
Moderate
CVE-2024-31995
was published
for
@digitalbazaar/zcap
(npm)
Apr 10, 2024
Contao: Remember-me tokens will not be cleared after a password change
Moderate
CVE-2024-30262
was published
for
contao/core-bundle
(Composer)
Apr 9, 2024
Shopware Improper Session Handling in store-api account logout
Moderate
CVE-2024-31447
was published
for
shopware/core
(Composer)
Apr 8, 2024
Dell PowerScale OneFS, versions 9.5.0.x through 9.7.0.x, contain an insufficient session...
Moderate
Unreviewed
CVE-2024-25954
was published
Mar 28, 2024
A CWE-613 “Insufficient Session Expiration” vulnerability in the web application, due to the...
Moderate
Unreviewed
CVE-2023-45600
was published
Mar 5, 2024
An issue was discovered in Linksys Router E1700 1.0.04 (build 3), allows authenticated attackers...
Moderate
Unreviewed
CVE-2024-22543
was published
Feb 27, 2024
Session Fixation Apache DolphinScheduler
Moderate
CVE-2023-50270
was published
for
org.apache.dolphinscheduler:dolphinscheduler
(Maven)
Feb 20, 2024
Insufficient Session Expiration in github.com/greenpau/caddy-security
Moderate
CVE-2024-21492
was published
for
github.com/greenpau/caddy-security
(Go)
Feb 17, 2024
Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in...
Moderate
Unreviewed
CVE-2024-0008
was published
Feb 14, 2024
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session...
Moderate
Unreviewed
CVE-2023-45187
was published
Feb 9, 2024
IBM PowerSC 1.3, 2.0, and 2.1 does not invalidate session after logout which could allow an...
Moderate
Unreviewed
CVE-2023-50936
was published
Feb 2, 2024
A vulnerability, which was classified as problematic, was found in SourceCodester Engineers...
Moderate
Unreviewed
CVE-2024-0260
was published
Jan 7, 2024
yt-dlp Generic Extractor MITM Vulnerability via Arbitrary Proxy Injection
Moderate
CVE-2023-46121
was published
for
yt-dlp
(pip)
Nov 15, 2023
Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
Moderate
Unreviewed
CVE-2023-5889
was published
Nov 1, 2023
ProTip!
Advisories are also available from the
GraphQL API