GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
131 advisories
Use of a Key Past its Expiration Date and Insufficient Session Expiration in Maddy Mail Server
Moderate
CVE-2022-24732
was published
for
github.com/foxcpp/maddy
(Go)
Mar 7, 2022
FlyteAdmin Insufficient AccessToken Expiration Check
Moderate
CVE-2022-31145
was published
for
github.com/flyteorg/flyteadmin
(Go)
Jul 15, 2022
Symfony vulnerable to Session Fixation of CSRF tokens
Moderate
CVE-2022-24895
was published
for
symfony/security-bundle
(Composer)
Feb 1, 2023
Keycloak vulnerable to session takeover with OIDC offline refreshtokens
Moderate
CVE-2022-3916
was published
for
org.keycloak:keycloak-parent
(Maven)
Dec 13, 2022
@node-saml/node-saml's validatePostRequestAsync does not include checkTimestampsValidityError
Moderate
CVE-2023-40178
was published
for
@node-saml/node-saml
(npm)
Aug 21, 2023
yt-dlp Generic Extractor MITM Vulnerability via Arbitrary Proxy Injection
Moderate
CVE-2023-46121
was published
for
yt-dlp
(pip)
Nov 15, 2023
Concrete CMS missing secure cookie parameters
Moderate
CVE-2023-28472
was published
for
concrete5/concrete5
(Composer)
Apr 28, 2023
ProTip!
Advisories are also available from the
GraphQL API