GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
97 advisories
Filter by severity
TShock Security Escalation Exploit
High
GHSA-hvm9-wc8j-mgrc
was published
for
TShock
(NuGet)
Dec 18, 2024
Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin
High
CVE-2024-52553
was published
for
org.jenkins-ci.plugins:oic-auth
(Maven)
Nov 13, 2024
An issue in sbondCo Watcharr v.1.43.0 allows a remote attacker to execute arbitrary code and...
High
Unreviewed
CVE-2024-48827
was published
Oct 11, 2024
The Central Manager user session refresh token does not expire when a user logs out. Note:...
High
Unreviewed
CVE-2024-39809
was published
Aug 14, 2024
In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or...
High
Unreviewed
CVE-2024-41827
was published
Jul 22, 2024
Multiple insufficient session expiration vulnerabilities [CWE-613] in FortiAIOps version 2.0.0...
High
Unreviewed
CVE-2024-27782
was published
Jul 9, 2024
KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1...
High
Unreviewed
CVE-2024-36041
was published
Jul 5, 2024
Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider
High
CVE-2023-22650
was published
for
github.com/rancher/rancher
(Go)
Jun 17, 2024
The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The...
High
Unreviewed
CVE-2024-5995
was published
Jun 14, 2024
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions ...
High
Unreviewed
CVE-2024-35206
was published
Jun 11, 2024
zfr authentication adapter did not verify validity of tokens
High
GHSA-rcm4-jv5g-wccm
was published
for
zfr/zfr-oauth2-server-module
(Composer)
Jun 7, 2024
@fastify/session reuses destroyed session cookie
High
CVE-2024-35220
was published
for
@fastify/session
(npm)
May 21, 2024
An issue in SurveyKing v1.3.1 allows attackers to escalate privileges via re-using the session ID...
High
Unreviewed
CVE-2024-35050
was published
May 14, 2024
@fastify/secure-session: Reuse of destroyed secure session cookie
High
CVE-2024-31999
was published
for
@fastify/secure-session
(npm)
Apr 10, 2024
Insufficient session timeout vulnerability in the FAST3686 V2 Vodafone router from Sagemcom. This...
High
Unreviewed
CVE-2024-1623
was published
Mar 14, 2024
When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the...
High
Unreviewed
CVE-2024-22389
was published
Feb 14, 2024
An arithmetic overflow flaw was found in Satellite when creating a new personal access token....
High
Unreviewed
CVE-2023-4320
was published
Dec 30, 2023
One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to...
High
Unreviewed
CVE-2023-51772
was published
Dec 25, 2023
An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. There is Incorrect Access Control...
High
Unreviewed
CVE-2023-49935
was published
Dec 14, 2023
Insufficient Session Expiration in thorsten/phpmyfaq
High
CVE-2023-5865
was published
for
thorsten/phpmyfaq
(Composer)
Oct 31, 2023
A insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows...
High
Unreviewed
CVE-2023-33303
was published
Oct 13, 2023
An authenticated user's session cookie may remain valid for a limited time after logging out...
High
Unreviewed
CVE-2023-40537
was published
Oct 10, 2023
When a non-admin user has been assigned an administrator role via an iControl REST PUT request...
High
Unreviewed
CVE-2023-42768
was published
Oct 10, 2023
Argo CD web terminal session doesn't expire
High
CVE-2023-40025
was published
for
github.com/argoproj/argo-cd
(Go)
Aug 23, 2023
This vulnerability exists in ESDS Emagic Data Center Management Suit due to non-expiry of session...
High
Unreviewed
CVE-2023-37570
was published
Aug 8, 2023
ProTip!
Advisories are also available from the
GraphQL API