Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,293
Erlang
31
GitHub Actions
21
Go
2,061
Maven
5,000+
npm
3,744
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

131 advisories

Loading
A vulnerability in how Cisco Firepower Threat Defense (FTD) Software handles session timeouts for... Moderate Unreviewed
CVE-2020-3188 was published May 24, 2022
SAP Enable Now, before version 1911, sends the Session ID cookie value in URL. This might be... Moderate Unreviewed
CVE-2020-6178 was published May 24, 2022
A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache... Moderate Unreviewed
CVE-2019-14826 was published May 24, 2022
An issue was discovered in eteams OA v4.0.34. Because the session is not strictly checked, the... Moderate Unreviewed
CVE-2019-16133 was published May 24, 2022
After user deletion in MongoDB Server the improper invalidation of authorization sessions allows... Moderate Unreviewed
CVE-2019-2386 was published May 24, 2022
Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries... Moderate Unreviewed
CVE-2019-7215 was published May 24, 2022
The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x... Moderate Unreviewed
CVE-2019-3790 was published May 24, 2022
IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2... Moderate Unreviewed
CVE-2019-4072 was published May 24, 2022
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are... Moderate Unreviewed
CVE-2017-1000135 was published May 17, 2022
Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are... Moderate Unreviewed
CVE-2017-1000136 was published May 17, 2022
IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session id to... Moderate Unreviewed
CVE-2017-1693 was published May 14, 2022
Philips ISCV application prior to version 2.3.0 has an insufficient session expiration... Moderate Unreviewed
CVE-2018-5438 was published May 14, 2022
A denial of service vulnerability exists in Schneider Electric's MiCOM Px4x (P540 range excluded)... Moderate Unreviewed
CVE-2018-7758 was published May 14, 2022
Symfony DoS Moderate
CVE-2018-11386 was published for symfony/http-foundation (Composer) May 14, 2022
SimpleSAMLphp Invalid token creation and validation Moderate
CVE-2017-12867 was published for simplesamlphp/simplesamlphp (Composer) May 13, 2022
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to... Moderate Unreviewed
CVE-2017-1000131 was published May 13, 2022
An Insufficient Session Expiration issue was discovered in ProMinent MultiFLEX M10a Controller... Moderate Unreviewed
CVE-2017-14007 was published May 13, 2022
The Milwaukee ONE-KEY Android mobile application uses bearer tokens with an expiration of one... Moderate Unreviewed
CVE-2017-3215 was published May 13, 2022
Exploitation of session variables, resource IDs and other trusted credentials vulnerability in... Moderate Unreviewed
CVE-2017-3966 was published May 13, 2022
XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS... Moderate Unreviewed
CVE-2018-2451 was published May 13, 2022
A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish... Moderate Unreviewed
CVE-2019-0015 was published May 13, 2022
nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key... Moderate Unreviewed
CVE-2014-3616 was published May 13, 2022
SurveyKing v0.2.0 was discovered to retain users' session cookies after logout, allowing... Moderate Unreviewed
CVE-2022-25590 was published Mar 26, 2022
Use of a Key Past its Expiration Date and Insufficient Session Expiration in Maddy Mail Server Moderate
CVE-2022-24732 was published for github.com/foxcpp/maddy (Go) Mar 7, 2022
ysf
IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an... Moderate Unreviewed
CVE-2021-38986 was published Mar 2, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database