GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
62 advisories
** DISPUTED ** A vulnerability has been found in Microsoft O365 and classified as critical. The...
High | Unreviewed | CVE-2022-2076 was published Jun 15, 2022
In “Orchard core CMS” application, versions 1.0.0-beta1-3383 to 1.0.0 are vulnerable to an...
High | Unreviewed | CVE-2021-25966 was published May 24, 2022
In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack...
High | Unreviewed | CVE-2021-33322 was published May 24, 2022
In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insufficient Session Expiration....
High | Unreviewed | CVE-2021-25940 was published May 24, 2022
A vulnerability in the web-based management interface of multiple Cisco Small Business Series...
High | Unreviewed | CVE-2021-34739 was published May 24, 2022
An insufficient session expiration vulnerability exists in the "Fish | Hunt FL" iOS app version 3...
High | Unreviewed | CVE-2021-33982 was published May 24, 2022
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to...
High | Unreviewed | CVE-2021-39113 was published May 24, 2022
The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in...
High | Unreviewed | CVE-2021-35342 was published May 24, 2022
Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor...
High | Unreviewed | CVE-2021-37156 was published May 24, 2022
IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invalidate session after logout...
High | Unreviewed | CVE-2021-20378 was published May 24, 2022
Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series...
High | Unreviewed | CVE-2021-1542 was published May 24, 2022
A vulnerability in the SIP inspection engine of Cisco Adaptive Security Appliance (ASA) Software...
High | Unreviewed | CVE-2021-1501 was published May 24, 2022
Files.com Fat Client 3.3.6 allows authentication bypass because the client continues to have...
High | Unreviewed | CVE-2021-3183 was published May 24, 2022
The REST/JSON project 7.x-1.x for Drupal allows session name guessing, aka SA-CONTRIB-2016-033....
High | Unreviewed | CVE-2016-20007 was published May 24, 2022
Microweber 1.1.18 is affected by insufficient session expiration. When changing passwords, both...
High | Unreviewed | CVE-2020-23140 was published May 24, 2022
Immuta v2.8.2 is affected by improper session management: user sessions are not revoked upon logout.
High | Unreviewed | CVE-2020-15950 was published May 24, 2022
An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. The...
High | Unreviewed | CVE-2020-24387 was published May 24, 2022
cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed...
High | Unreviewed | CVE-2019-17375 was published May 24, 2022
Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an...
High | Unreviewed | CVE-2019-5638 was published May 24, 2022
Prima Systems FlexAir devices have an Insufficient Session-ID Length.
High | Unreviewed | CVE-2019-7280 was published May 24, 2022
A remote authorization bypass vulnerability was discovered in Aruba ClearPass Policy Manager...
High | Unreviewed | CVE-2022-23669 was published May 18, 2022
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking...
High | Unreviewed | CVE-2017-6529 was published May 17, 2022
iControl REST in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and...
High | Unreviewed | CVE-2017-6145 was published May 17, 2022
Improper administrator IP validation after his login in the HTTPd server in all current versions ...
High | Unreviewed | CVE-2017-15653 was published May 14, 2022
In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf...
High | Unreviewed | CVE-2018-1195 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API.