GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
304 advisories
Filter by severity
Insufficient Session Expiration in GitHub repository linkstackorg/linkstack prior to v4.2.9.
Moderate
Unreviewed
CVE-2023-5838
was published
Oct 29, 2023
IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than...
Critical
Unreviewed
CVE-2023-46158
was published
Oct 25, 2023
HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate...
Moderate
Unreviewed
CVE-2023-37504
was published
Oct 19, 2023
IBM Security Verify Privilege On-Premises 11.5 could allow a user to obtain sensitive...
Moderate
Unreviewed
CVE-2021-20581
was published
Oct 17, 2023
A insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows...
High
Unreviewed
CVE-2023-33303
was published
Oct 13, 2023
An authenticated user's session cookie may remain valid for a limited time after logging out...
High
Unreviewed
CVE-2023-40537
was published
Oct 10, 2023
When a non-admin user has been assigned an administrator role via an iControl REST PUT request...
High
Unreviewed
CVE-2023-42768
was published
Oct 10, 2023
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile...
Low
Unreviewed
CVE-2023-40732
was published
Sep 14, 2023
Argo CD web terminal session doesn't expire
High
CVE-2023-40025
was published
for
github.com/argoproj/argo-cd
(Go)
Aug 23, 2023
@node-saml/node-saml's validatePostRequestAsync does not include checkTimestampsValidityError
Moderate
CVE-2023-40178
was published
for
@node-saml/node-saml
(npm)
Aug 21, 2023
This vulnerability exists in ESDS Emagic Data Center Management Suit due to non-expiry of session...
High
Unreviewed
CVE-2023-37570
was published
Aug 8, 2023
Admidio Insufficient Session Expiration vulnerability
Moderate
CVE-2023-4190
was published
for
admidio/admidio
(Composer)
Aug 6, 2023
Answer Insufficient Session Expiration vulnerability
Moderate
CVE-2023-4126
was published
for
github.com/answerdev/answer
(Go)
Aug 3, 2023
Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5.
Low
Unreviewed
CVE-2023-4005
was published
Jul 31, 2023
Insufficient Session Expiration after a password change
High
CVE-2023-38489
was published
for
getkirby/cms
(Composer)
Jul 28, 2023
An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an...
Critical
Unreviewed
CVE-2023-28001
was published
Jul 11, 2023
Apache InLong Insufficient Session Expiration vulnerability
Critical
CVE-2023-31065
was published
for
org.apache.inlong:manager-dao
(Maven)
Jul 6, 2023
Graylog user session is still usable after logout
Low
CVE-2023-41041
was published
for
org.graylog2:graylog2-server
(Maven)
Jul 6, 2023
An issue in Ateme Flamingo XL v.3.6.20 and XS v.3.6.5 allows a remote authenticated attacker to...
High
Unreviewed
CVE-2023-36252
was published
Jun 26, 2023
In Siren Investigate before 13.2.2, session keys remain active even after logging out.
Critical
Unreviewed
CVE-2023-35857
was published
Jun 19, 2023
Mattermost fails to check if an admin user account active after an oauth2 flow is started,...
Moderate
Unreviewed
CVE-2023-2788
was published
Jun 16, 2023
IBM Security Guardium 11.5 could allow a user to take over another user's session due to...
High
Unreviewed
CVE-2023-0041
was published
Jun 5, 2023
Jenkins WSO2 Oauth Plugin Session Fixation vulnerability
High
CVE-2023-33005
was published
for
org.jenkins-ci.plugins:wso2id-oauth
(Maven)
May 16, 2023
IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which...
Moderate
Unreviewed
CVE-2020-4914
was published
May 5, 2023
IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obtain sensitive information...
Moderate
Unreviewed
CVE-2022-38707
was published
May 5, 2023
ProTip!
Advisories are also available from the
GraphQL API